Fuzz101_libxml2

项目构建

获取项目

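# Fetch and build a plain (uninstrumented) libxml2 2.9.4 under $HOME/fuzz_libxml2.
# Every expansion is quoted and every cd is checked so a failed step cannot
# run the following commands in the wrong directory.
cd "$HOME" || exit 1
mkdir -p fuzz_libxml2 && cd fuzz_libxml2 || exit 1
wget http://xmlsoft.org/sources/libxml2-2.9.4.tar.gz || exit 1
# The tarball arrives over plain HTTP with no signature or checksum check, so
# compare it against the digest published for the release before unpacking.
# LIBXML2_SHA256 must be set to that published value (not given on this page).
: "${LIBXML2_SHA256:?set to the upstream-published sha256 of libxml2-2.9.4.tar.gz}"
printf '%s  libxml2-2.9.4.tar.gz\n' "$LIBXML2_SHA256" | sha256sum -c - || exit 1
tar -zxvf libxml2-2.9.4.tar.gz || exit 1

cd libxml2-2.9.4 || exit 1
# Install into a private prefix so the fuzz build never touches system libxml2.
./configure --prefix="$HOME/fuzz_libxml2/install" || exit 1
make -j"$(nproc)" && make install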

使用afl-clang-lto构建

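# Rebuild libxml2 with AFL++'s LTO instrumentation (afl-clang-lto).
# Shared libs are disabled so xmllint is statically linked against the
# instrumented libxml2; network and legacy parsers are left out to keep the
# attack surface under test focused on the XML parser itself.
sudo apt-get install python-dev || exit 1
cd "$HOME/fuzz_libxml2/libxml2-2.9.4" || exit 1
CC=afl-clang-lto CXX=afl-clang-lto++ ./configure \
  --prefix="$HOME/fuzz_libxml2/install" \
  --disable-shared --without-debug --without-ftp --without-http \
  --without-legacy --without-python LIBS='-ldl' || exit 1
# Quoting "$(nproc)" keeps the job count as one argument even if nproc prints nothing.
make -j"$(nproc)" || exit 1
make install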

设置字典和输入文件

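# Prepare the seed corpus and the XML token dictionary for afl-fuzz.
# The github.com/.../tree/... form returns the repository's HTML page, not the
# file, which would leave an HTML document as the only seed; the
# raw.githubusercontent.com form fetches the XML itself.
mkdir -p afl_in && cd afl_in || exit 1
wget 'https://raw.githubusercontent.com/antonio-morales/Fuzzing101/main/Exercise%205/SampleInput.xml' || exit 1
cd .. || exit 1

mkdir -p dictionaries && cd dictionaries || exit 1
wget https://raw.githubusercontent.com/AFLplusplus/AFLplusplus/stable/dictionaries/xml.dict || exit 1
cd .. || exit 1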

fuzz测试

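# Run one main (-M) and one secondary (-S) afl-fuzz instance against the
# instrumented xmllint inside a screen session. These lines are typed
# interactively: the main instance stays in the foreground until you detach.
screen -S fuzz1
# Skip CPU-core pinning so both instances start even when afl-fuzz cannot
# claim a free core.
export AFL_NO_AFFINITY=1
# -m none: no memory limit; -s 123: fixed seed for a reproducible run;
# -D: deterministic stages on the main instance; @@ is replaced by the input file.
afl-fuzz -m none -i ./afl_in -o ./afl_out -s 123 -x ./dictionaries/xml.dict -D -M master \
  -- "$HOME/fuzz_libxml2/install/bin/xmllint" --memory --noenc --nocdata --dtdattr --loaddtd --valid --xinclude @@
# ctrl + a, then d: detach from the screen session, leaving the main instance running.
# The secondary instance shares the same -o directory so the instances sync.
afl-fuzz -m none -i ./afl_in -o ./afl_out -s 789 -S slave6 \
  -- "$HOME/fuzz_libxml2/install/bin/xmllint" --memory --noenc --nocdata --dtdattr --loaddtd --valid --xinclude @@

cd "$HOME/fuzz_libxml2/" || exit 1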

大概跑了10个样本,然后corpus count的样例没出?