This is the code base for the thesis "Curiosity Guided Fuzz Testing".
CuriousAFL extends AFL with three modes: MUTATION, RANDOM and CASE (CASE is not documented in the thesis). MUTATION and RANDOM hook into afl-fuzz.c in the function `common_fuzz_stuff`; CASE hooks into `calculate_score`.
We added three command-line flags to afl-fuzz:
| AFL-Flag | Mode |
|---|---|
| -R MODE | Run CuriousAFL in MUTATION (default), RANDOM or CASE mode |
| -P Port | Connect to the Python curiosity RPC server (rnd_server.py) on port Port. Required in MUTATION and CASE mode; not needed in RANDOM mode. |
| -r Percentile | Only used in RANDOM mode: percentile value used to filter out seeds (e.g. 10; default: 0) |
All seeds used in the thesis can be found in the folder "seeds_programs".
It helps to know how to run vanilla AFL before trying CuriousAFL; the official AFL documentation has a guide.
After following the installation guide, the following are typical use cases (assuming CuriousAFL is installed in /home/CuriousAFL and the seeds are in a folder afl_in):
MUTATION mode (needs the Python curiosity server):
cd into the testcase folder and open two terminals.
In the first terminal, launch the Python RND server:
```shell
python3 /home/CuriousAFL/CuriousAFL/rnd_server.py --projectbase=./ --port 44444
```
In the second terminal, launch CuriousAFL with the same port (`@@` is replaced by the path of the current test case, as in vanilla AFL):
```shell
/home/CuriousAFL/CuriousAFL/afl-fuzz -i afl_in/ -o afl_out/ -R MUTATION -P 44444 ./objdump -D @@
```
RANDOM mode (the Python server is not needed):
cd into the testcase folder and launch CuriousAFL with the percentile of seeds to filter out:
```shell
/home/CuriousAFL/CuriousAFL/afl-fuzz -i afl_in/ -o afl_out/ -R RANDOM -r 10 ./objdump -D @@
```
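The two use cases above differ only in which flags belong to which mode and in whether rnd_server.py has to be running first. The launcher below is an added example (it is not part of CuriousAFL or the thesis): it checks that the `-R`/`-P`/`-r` combination fits the chosen mode, starts the server for the server-backed modes and waits until its port accepts connections before starting afl-fuzz. The install path `CURIOUSAFL_DIR`, the `wait_for_port` readiness check and the `run_mode` helper are assumptions; the flag semantics are taken from the table above.

```shell
#!/bin/sh
# Added example, not CuriousAFL's own code: validate the mode/flag combination,
# start rnd_server.py when the mode needs it, then launch afl-fuzz.
# CURIOUSAFL_DIR is an assumed install location (README default used as fallback).

CURIOUSAFL_DIR="${CURIOUSAFL_DIR:-/home/CuriousAFL/CuriousAFL}"

# build_cmd MODE PORT PERCENTILE IN_DIR OUT_DIR TARGET [ARGS...]
# Prints the afl-fuzz command line; returns 1 if the flags do not fit the mode.
build_cmd() {
  [ $# -ge 6 ] || { echo "usage: build_cmd MODE PORT PERCENTILE IN OUT TARGET..." >&2; return 1; }
  mode=$1 port=$2 pct=$3 in_dir=$4 out_dir=$5
  shift 5
  case "$mode" in
    MUTATION|CASE)
      # Both modes query the Python curiosity RPC server, so -P is mandatory.
      case "$port" in
        ''|*[!0-9]*) echo "build_cmd: $mode mode needs a numeric port for -P" >&2; return 1 ;;
      esac
      if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "build_cmd: port $port out of range" >&2; return 1
      fi
      extra="-P $port" ;;
    RANDOM)
      # No server; -r takes the percentile of seeds to filter out (default 0).
      pct=${pct:-0}
      case "$pct" in
        ''|*[!0-9]*) echo "build_cmd: -r needs an integer percentile" >&2; return 1 ;;
      esac
      if [ "$pct" -gt 100 ]; then
        echo "build_cmd: percentile $pct out of range" >&2; return 1
      fi
      extra="-r $pct" ;;
    *)
      echo "build_cmd: unknown mode '$mode' (use MUTATION, RANDOM or CASE)" >&2; return 1 ;;
  esac
  printf '%s -i %s -o %s -R %s %s %s\n' \
    "$CURIOUSAFL_DIR/afl-fuzz" "$in_dir" "$out_dir" "$mode" "$extra" "$*"
}

# wait_for_port PORT [SECONDS]: poll until 127.0.0.1:PORT accepts a TCP
# connection. Uses bash's /dev/tcp; under a plain POSIX sh the probe simply
# fails each round and the call times out.
wait_for_port() {
  port=$1; tries=${2:-30}
  while [ "$tries" -gt 0 ]; do
    if (exec 3<>"/dev/tcp/127.0.0.1/$port") 2>/dev/null; then return 0; fi
    tries=$((tries - 1)); sleep 1
  done
  return 1
}

# run_mode MODE PORT PERCENTILE IN_DIR OUT_DIR TARGET [ARGS...]
# Validates via build_cmd, starts rnd_server.py for MUTATION/CASE, waits for
# it, then runs afl-fuzz directly (no eval, so paths with spaces stay intact).
run_mode() {
  build_cmd "$@" >/dev/null || return 1
  mode=$1 port=$2 pct=${3:-0} in_dir=$4 out_dir=$5
  shift 5
  if [ "$mode" = RANDOM ]; then
    "$CURIOUSAFL_DIR/afl-fuzz" -i "$in_dir" -o "$out_dir" -R "$mode" -r "$pct" "$@"
    return
  fi
  python3 "$CURIOUSAFL_DIR/rnd_server.py" --projectbase=./ --port "$port" &
  server_pid=$!
  if ! wait_for_port "$port" 30; then
    echo "run_mode: rnd_server.py did not come up on port $port" >&2
    kill "$server_pid" 2>/dev/null
    return 1
  fi
  # Stop the server when afl-fuzz exits, however it exits.
  trap 'kill "$server_pid" 2>/dev/null' EXIT INT TERM
  "$CURIOUSAFL_DIR/afl-fuzz" -i "$in_dir" -o "$out_dir" -R "$mode" -P "$port" "$@"
}

# Stand-alone use from the testcase folder, e.g.:
#   sh launch.sh --run MUTATION 44444 '' afl_in afl_out ./objdump -D @@
#   sh launch.sh --run RANDOM   ''    10 afl_in afl_out ./objdump -D @@
if [ "${1:-}" = --run ]; then
  shift
  run_mode "$@"
fi
```

`build_cmd` only prints the command, so it can be used on its own to double-check a flag set before touching a terminal; `run_mode` is what replaces the two-terminal dance for MUTATION and CASE. The readiness wait matters because afl-fuzz in those modes expects the RPC server to already be listening on the given port.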