Skip to content
/ repo-afl-a2 Public

Repository containing files for Assignment 2 on Software Engineering course. UNIST Spring 2022.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

satbekmyrza/repo-afl-a2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
environment
environment
 
 
harness
harness
 
 
subjects
subjects
 
 
README.md
README.md
 
 

Repository files navigation

Assignment 2

Introduction

In this assignment, you will use a fuzzing tool called AFL++ which is a community-maintained fork of the original fuzzing tool called AFL.

Since there is no fundamental difference between AFL++ and AFL, we will refer to AFL++ just as AFL.

Part 1 will help you set up your environment.

Part 2 will guide you through a demo where you will fuzz a dummy library using AFL++. This part will help you understand what test harnesses are used for.

In Part 3 of the assignment, you will need to fuzz three open-source projects libxml2, OpenSSL, and Sendmail. This is the graded part of the assignment.

Part 1

For your convenience, the environment is packaged in a Docker image. All you need to do is to install Docker and pull the image using this command:

docker pull satbekmyrza/se-a2-afl

After that, create a container from the image you pulled:

docker run --privileged -p 1100:22 --name se-a2-afl -d --restart always satbekmyrza/se-a2-afl:latest

The password to the container is root.

Use ssh -p 1100 root@localhost to create a terminal session in your container (CLI only).

(Optional) For GUI experience with the container, try remote development in VSCode.

Part 2

In this part of the assignment, you will learn what test harnesses are and why we need them while fuzzing with AFL. Follow the instructions provided in the README.md of the harness/ directory.

Part 3

In this part of the assignment, you will fuzz three open source projects libxml2, OpenSSL, and Sendmail to find vulnerabilities in them.

You will try to find CVE-2015-8317 in libxml2, CVE-2014-0160 (a.k.a. Heartbleed) in OpenSSL, and CVE-1999-0206 in Sendmail.

Please follow the instructions in README.md for each vulnerability in each of their respective folders under subjects/.

Deliverables

Everything you need to submit as part of your assignment is written in the Deliverables section of README.md's in subjects/*/. Only Part 3 of the assignment is graded. Submit a single report that covers all three projects (libxml2, OpenSSL, and Sendmail), along with other requested materials such as a plot file.

Note: We will consider the quality of your deliverables when grading.

How to Submit

Submit your file via BlackBoard. The submission should be made by May 2nd, 11:59 pm.

FAQ

We will post answers some of the questions here.

About

Repository containing files for Assignment 2 on Software Engineering course. UNIST Spring 2022.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages