afl-libprotobuf-mutator

Example/skeleton for using libprotobuf-mutator together with AFL.

Usage

Download and compile AFLplusplus
Put your protobuffer in gen/out.proto
Write your own protobuffer-message-to-raw-data methods
export AFL_CUSTOM_MUTATOR_ONLY=1
export AFL_CUSTOM_MUTATOR_LIBRARY=./mutator.so

The current implementation turns enum values into bytes. It was an experiment in encoding regexps as protobuffers. Unfortunately, PBs are not powerful enough to do that.

Full Example

export AFL_CUSTOM_MUTATOR_ONLY=1
export AFL_CUSTOM_MUTATOR_LIBRARY=./mutator.so
afl-fuzz -i /tmp/in -o /tmp/out -Q -- ./dumper @@

In order to dump/verify the content of the protobuffers:

for f in /tmp/out/queue/id*src*; do echo "== $f =="; ./dumper $f; done

Install

./build.sh
make

Missing Features

AFLplusplus doesn't yet provide a custom splicing hook, so we can't mix two protobuffers
- I have a custom version on my PC but I'm not sure it's bug-free so I won't push it for the time being
honggfuzz has support for external mutators/postprocessors, so it should be trivial to add support (maybe it'll be a little bit slower do to I/O)

Name	Latest commit message	Commit time
Failed to load latest commit information.
.vscode	first (:	Jan 17, 2020
gen	first (:	Jan 17, 2020
src	first (:	Jan 17, 2020
Makefile	fix Makefile	Jan 19, 2020
README.md	update readme	Jan 19, 2020
build.sh	first (:	Jan 17, 2020

thebabush / afl-libprotobuf-mutator

Join GitHub today

Clone with HTTPS

Downloading

Launching GitHub Desktop

Launching GitHub Desktop

Launching Xcode

Launching Visual Studio

README.md

afl-libprotobuf-mutator

Usage

Full Example

Install

Missing Features