- https://medium.com/@coolx28/security-oriented-open-source-continuous-fuzzing-101-from-start-to-finish-637eaceb9acb
- https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/
- https://research.aurainfosec.io/hunting-for-bugs-101/
- https://labsblog.f-secure.com/2017/06/22/super-awesome-fuzzing-part-one/
- https://thecyberrecce.net/2017/03/20/software-exploit-development-fuzzing-with-afl/
- https://www.sec-consult.com/wp-content/uploads/files/vulnlab/the_art_of_fuzzing_slides.pdf
- https://hackernoon.com/afl-unicorn-fuzzing-arbitrary-binary-code-563ca28936bf
macOS with AFL Fuzz
brew install afl-fuzz
Unload the ReportCrash agent and daemon so crashes reach afl-fuzz instead of the system crash reporter:
SL=/System/Library; PL=com.apple.ReportCrash
launchctl unload -w ${SL}/LaunchAgents/${PL}.plist
sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist
- Fuzzing Python: https://tomforb.es/segfaulting-python-with-afl-fuzz
- OWASP Fuzzing: https://www.owasp.org/index.php/Fuzzing
- ETH fuzzing tools: https://github.com/trailofbits/echidna
- Video playlist about fuzzing: https://www.youtube.com/playlist?list=PLtPrYlwXDImiO_hzK7npBi4eKQQBgygLD
- fuzzer-test-suite (for learning and experimenting): https://github.com/google/fuzzer-test-suite
- AFL: http://lcamtuf.coredump.cx/afl/ (https://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz)
- AFL Python interface: https://github.com/shellphish/fuzzer
- AFL Unicorn: https://github.com/Battelle/afl-unicorn
- AFL training: https://github.com/ThalesIgnite/afl-training
- AFL Go version: https://github.com/dvyukov/go-fuzz
- AFL Rust version: https://github.com/rust-fuzz/afl.rs
- AFL Python version: http://jwilk.net/software/python-afl
- WAFL
- Morph
- Os-fuzz
- zzuf (already used)
- honggfuzz
- OSXFuzz
- sCFF (distributed; Python 2.7 + AWS): https://github.com/softscheck/sCFF
- First attempt at fuzzing, following the tutorial at https://github.com/google/fuzzer-test-suite
- Heartbleed was also found through fuzzing. Wow, impressive.
- Microsoft Research's Security Risk Detection covers fuzzing with machine learning, but this video only shows how to use it: https://docs.microsoft.com/en-us/security-risk-detection/how-to/
Questions:
- How does fuzzing work?
First read how AFL works: http://lcamtuf.coredump.cx/afl/technical_details.txt
- How do you write fuzzing code?
- How do you write POC code from the fuzzing results?
- How do you automate fuzzing?
- How do you use machine learning to generate inputs and attack with them?
- How do you fuzz kernels (Windows kernel, Linux kernel, macOS kernel)?
https://github.com/RUB-SysSec/kAFL https://github.com/nccgroup/TriforceAFL https://github.com/google/syzkaller
QEMU with AFL
(This tutorial is mainly based on CentOS.)
Ubuntu
CentOS
If the build fails, go into qemu_mode/, edit the build script, then run make again:
./configure --target-list="aarch64-softmmu,microblazeel-softmmu" --enable-fdt --disable-kvm --disable-xen
In the end it worked on CentOS.
Then run an experiment first. Note that TriforceLinuxSyscallFuzzer and TriforceAFL must be in the same directory:
git clone https://github.com/nccgroup/TriforceLinuxSyscallFuzzer
yum install glibc-static
cd TriforceLinuxSyscallFuzzer
make
The steps are roughly as follows:
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.2.2.tar.xz
Here I originally tried building with afl-gcc and afl-g++, but that did not work.
Change the install path:
vim Makefile
At around line 919, change the directory to your own (here it is ``), then run
make install
and the corresponding files will appear in that directory.
Then check
ls /proc/kallsyms
This file contains the symbol table of the kernel image and of dynamically loaded modules. If the file is not there, it can be enabled with
sudo sh -c "echo 0 > /proc/sys/kernel/kptr_restrict"
Copy the corresponding files into your kern directory:
cp /proc/kallsyms .
cp arch/x86/boot/bzImage /home/ops/fuzz_learning/tools/kern
The kernel build is ready; next, start running it.
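The kallsyms step above, as an added example that is not part of these notes or of TriforceAFL: a small POSIX shell helper that refuses to stage a kallsyms dump whose addresses are masked (what a non-root read returns when kptr_restrict is 1, or any read when it is 2, even though the file exists) and only then copies kallsyms and bzImage into the kern directory. The sample kallsyms lines, the temporary paths and the function names are constructed for this demo.

```shell
#!/bin/sh
# Added example, not part of the original notes or of TriforceAFL.
# With kptr_restrict=1 (non-root reader) or 2, /proc/kallsyms still exists
# but every address is printed as zeros, so "the file exists" is not enough.

# Return 0 if the dump has text symbols (type t/T) with non-zero addresses.
kallsyms_usable() {
    f="$1"
    [ -r "$f" ] || return 1
    n=$(awk '($2 == "t" || $2 == "T") && $1 !~ /^0+$/ { c++ } END { print c+0 }' "$f")
    [ "$n" -gt 0 ]
}

# Print how many symbols in the dump have a masked (all-zero) address.
kallsyms_zeroed_count() {
    awk '$1 ~ /^0+$/ { c++ } END { print c+0 }' "$1"
}

# Stage kallsyms and bzImage into the kern directory (paths are assumptions),
# refusing a masked dump.  Usage: stage_kernel <kallsyms> <bzImage> <kern_dir>
stage_kernel() {
    if ! kallsyms_usable "$1"; then
        echo "kallsyms addresses are masked; set kptr_restrict to 0 and re-read it" >&2
        return 1
    fi
    [ -f "$2" ] || { echo "bzImage not found: $2" >&2; return 1; }
    mkdir -p "$3" && cp "$1" "$3/kallsyms" && cp "$2" "$3/bzImage"
}

# Constructed sample: what a restricted read looks like (addresses masked).
restricted=$(mktemp)
cat > "$restricted" <<'EOF'
0000000000000000 T startup_64
0000000000000000 t verify_cpu
0000000000000000 D init_task
EOF

# Constructed sample: an unrestricted read (real layout, made-up addresses).
unrestricted=$(mktemp)
cat > "$unrestricted" <<'EOF'
ffffffff81000000 T startup_64
ffffffff81000030 t verify_cpu
ffffffff82012340 D init_task
EOF

# Demo: the masked dump is rejected, the unrestricted one is accepted.
if ! kallsyms_usable "$restricted"; then
    echo "masked dump rejected ($(kallsyms_zeroed_count "$restricted") zeroed symbols)"
fi
if kallsyms_usable "$unrestricted"; then
    echo "unrestricted dump OK ($(kallsyms_zeroed_count "$unrestricted") zeroed symbols)"
fi
```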
Reference: https://github.com/openssl/openssl/tree/master/fuzz
References