{"id":20602816,"url":"https://github.com/airbus-seclab/aflplusplus-blogpost","last_synced_at":"2026-03-06T12:33:11.511Z","repository":{"id":176349339,"uuid":"653618785","full_name":"airbus-seclab/AFLplusplus-blogpost","owner":"airbus-seclab","description":"Blogpost about optimizing binary-only fuzzing with AFL++","archived":false,"fork":false,"pushed_at":"2023-10-07T19:31:18.000Z","size":365,"stargazers_count":68,"open_issues_count":1,"forks_count":5,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-10-14T21:34:14.171Z","etag":null,"topics":["afl","aflplusplus","binary-only","fuzzing","qemu"],"latest_commit_sha":null,"homepage":"https://airbus-seclab.github.io/AFLplusplus-blogpost","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/airbus-seclab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-06-14T11:54:16.000Z","updated_at":"2025-09-09T12:24:49.000Z","dependencies_parsed_at":null,"dependency_job_id":"f5a9cc73-db15-4bd7-8b16-c9d696460bb2","html_url":"https://github.com/airbus-seclab/AFLplusplus-blogpost","commit_stats":null,"previous_names":["airbus-seclab/aflplusplus-blogpost"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/airbus-seclab/AFLplusplus-blogpost","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbus-seclab%2FAFLplusplus-blogpost","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbus-seclab%2FAFLplusplus-blogpost/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbus-seclab%2FAFLplusplus-blogpost/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbus-seclab%2FAFLplusplus-blogpost/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/airbus-seclab","download_url":"https://codeload.github.com/airbus-seclab/AFLplusplus-blogpost/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/airbus-seclab%2FAFLplusplus-blogpost/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30176266,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T11:48:51.886Z","status":"ssl_error","status_checked_at":"2026-03-06T11:48:51.460Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["afl","aflplusplus","binary-only","fuzzing","qemu"],"created_at":"2024-11-16T09:14:52.506Z","updated_at":"2026-03-06T12:33:11.464Z","avatar_url":"https://github.com/airbus-seclab.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Lab for grammar-aware in-memory persistent fuzzing\n\n## Introduction\n\nThis repository contains all scripts and data (as well as an ELF target) to follow along as you read the [associated blogpost](https://airbus-seclab.github.io/AFLplusplus-blogpost) by experimenting on your own on one example: [src/target.c](./src/target.c) (the source code of the **target**).\n\nRepository organization:\n\n* [step0](./step0): **basic fuzzing setup**, default configuration\n* [step1](./step1): custom **instrumentation** (targeting `parse_cert_buf` function)\n* [step2](./step2): with a customized **entrypoint**\n* [step3](./step3): with **persistent mode**\n* [step4](./step4): with an **in-memory hook**\n  * [src/hook](./src/hook): source code of the hook\n* [step5](./step5): custom **grammar-aware mutator**\n  * [src/mutator](./src/mutator): source code of the custom mutator\n* [step6](./step6): with **multi-processing**\n\n\n## Setup\n\n### AFL++\n\nClone and compile AFL++ from the base folder:\n\n```bash\n$ git clone https://github.com/AFLplusplus/AFLplusplus.git -b dev\n$ cd AFLplusplus\n$ git apply ../src/mutator/afl-fuzz-run.patch\n$ make distrib\n```\n\n**Note:**\n* See [this discussion](https://github.com/AFLplusplus/AFLplusplus/issues/1397)\n  to understand why this patch is necessary\n* Tested with commit `4063a3eb4c4099e37aef4f1d96e8b80d58d65fe2` from `Mon Jan 23\n12:50:57 2023 +0100`\n\n### libprotobuf-mutator\n\nClone and compile `libprotobuf-mutator` (used to build our custom mutator) from\nthe base folder:\n\n```bash\n$ git clone https://github.com/google/libprotobuf-mutator.git\n$ cd libprotobuf-mutator\n$ mkdir build \u0026\u0026 cd build\n$ cmake .. -GNinja -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON -DLIB_PROTO_MUTATOR_TESTING=OFF -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS=\"-fPIC\" -DCMAKE_CXX_FLAGS=\"-fPIC\"\n$ ninja\n```\n\n**Note:** Tested with commit `af3bb18749db3559dc4968dd85319d05168d4b5e` from\n`Wed Dec 7 15:21:20 2022 -0800`\n\nClone and compile the protobuf ASN.1 mutator from the base folder:\n\n```bash\n$ git clone https://github.com/google/fuzzing.git google-fuzzing\n$ cd google-fuzzing/proto/asn1-pdu/\n$ ../../../libprotobuf-mutator/build/external.protobuf/bin/protoc *.proto --python_out=. --cpp_out=.\n$ git apply ../../../src/mutator/google-fuzzing.patch\n```\n\n**Note:**\n* See [this pull request](https://github.com/google/fuzzing/pull/110) to\n  understand why this patch is necessary\n* Tested with commit `128a82660ffe414036ded9a6e561a9532945280d` from `Wed Oct 26\n14:12:31 2022 +0200`\n\n### Python packages\n\nInstall Python3 and the venv package:\n\n```\n$ apt update\n$ apt install python3 python3-venv\n```\n\nSetup a virtual environment and install dependencies:\n\n```\n$ cd src/mutator\n$ python3 -m venv .env\n$ source .env/bin/activate\n$ pip3 install -r requirements.txt\n```\n\n### Blog\n\nCompile the target and libraries created for this blogpost from the base folder:\n\n```\nmake -C src\n```\n\nFinally, generate the corpus:\n\n```bash\n$ cd \u003cstep folder\u003e\n$ ./build_corpus.sh\n```\n\n## Run\n\nSimply use the `fuzz.sh` script from the step you are on:\n\n```bash\n$ cd \u003cstep folder\u003e\n$ ./fuzz.sh\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fairbus-seclab%2Faflplusplus-blogpost","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fairbus-seclab%2Faflplusplus-blogpost","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fairbus-seclab%2Faflplusplus-blogpost/lists"}