Introduction to Fuzzing and Fuzzing LibTIFF with AFL

This article introduces the fuzzing software-testing technique and the basic principles of the AFL tool, and walks through the process of fuzzing LibTIFF with AFL in detail, including setting up the environment, preparing test cases and running the fuzzer.


1. Introduction to Fuzzing

Fuzz testing or Fuzzing is a software testing technique, often used to discover security weaknesses in applications and protocols. The basic idea is to attach the inputs of a program to a source of random or unexpected data. If the program fails (for example, by crashing, or by failing in-built code assertions), then there are defects to correct. It should be noted that the majority of security vulnerabilities, from buffer overflows to cross-site scripting attacks, are generally the result of insufficient validation of user-supplied input data. Bugs found using fuzz testing are frequently severe, exploitable bugs that could be used by a real attacker. This has become even more true as fuzz testing has become more widely known, as the same techniques and tools are now used by attackers to exploit deployed software. This is a major advantage over binary or source auditing, or even fuzzing’s close cousin, fault injection, which often rely on artificial fault conditions that are difficult or impossible to exploit.


2. Introduction to AFL

Official site: http://lcamtuf.coredump.cx/afl/


3. How AFL works

AFL's compiler wrappers instrument the source code at compile time. The instrumented program is then launched through afl-fuzz, which is given an input directory and an output directory.
AFL reads the input files, mutates them and feeds them to the program, and finally saves crashes and other results to the output directory.

Original source:

while (condition) {
    req = get_request();
    process(req);
}

Instrumented code:

while (condition) {
    put_request(read(file));    // AFL: inject the (mutated) test case

    req = get_request();
    process(req);

    notify_fuzzer();            // AFL: report the path taken back to afl-fuzz
}

4. Installing AFL

Download:
wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
Extract:
tar xfz afl-latest.tgz

cd afl-2.52b
Install:
sudo make install

5. Installing LibTIFF

Download:
wget http://download.osgeo.org/libtiff/tiff-4.0.9.tar.gz
Extract:
tar zxvf tiff-4.0.9.tar.gz
cd tiff-4.0.9
Point the build at AFL's compiler wrappers:
Linux:
export CC=afl-gcc
export CXX=afl-g++
OS X:
export CC=afl-clang
export CXX=afl-clang++
Build:
./configure --disable-shared
make

6. Fuzzing LibTIFF with AFL

Download the test cases:
http://lcamtuf.coredump.cx/afl/demo/


Create the input and output directories:
mkdir input output
Copy the seed test cases into the input directory:
cp afl_testcases/tiff/edges-only/images/* input/
Start fuzzing; while it runs, afl-fuzz replaces @@ with the path of the current test case:
afl-fuzz -i input -o output tools/tiff2rgba -a @@

On OS X, follow the prompts and run the following 3 commands:


Screenshot of a run:
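
Once afl-fuzz has written crash inputs to output/crashes/, the next step is to reproduce each one outside the fuzzer. The script below is an added example (not from the original post or the AFL project): it re-runs every saved crash file against the target, substituting @@ with the file path the way afl-fuzz does, and reports which ones still terminate with a signal. The target command line and the crash file names are assumptions following AFL's naming scheme.

```shell
# Added example: triage the crashes afl-fuzz saved under output/crashes/.
# AFL names them "id:NNNNNN,sig:SS,...". Each file is fed back to the
# target with "@@" replaced by the file path (as afl-fuzz does at runtime)
# and the exit status is classified: 128+N means the process died from
# signal N. Usage: triage_crashes output/crashes tools/tiff2rgba -a @@

# Run "$@" once, with every "@@" argument replaced by the file named in $1.
run_with_file() {
    file="$1"; shift
    n=$#
    while [ "$n" -gt 0 ]; do
        a="$1"; shift
        if [ "$a" = "@@" ]; then a="$file"; fi
        set -- "$@" "$a"          # rebuild the argument list in order
        n=$((n - 1))
    done
    "$@" >/dev/null 2>&1
}

# Re-run every saved crash; prints one line per file and sets
# TRIAGE_REPRODUCED to the number that still die from a signal.
triage_crashes() {
    crashes_dir="$1"; shift
    TRIAGE_REPRODUCED=0
    for f in "$crashes_dir"/id:*; do
        [ -f "$f" ] || continue
        rc=0
        run_with_file "$f" "$@" || rc=$?
        if [ "$rc" -ge 128 ]; then
            echo "$f: signal $((rc - 128))"
            TRIAGE_REPRODUCED=$((TRIAGE_REPRODUCED + 1))
        else
            echo "$f: exit $rc (not reproduced)"
        fi
    done
    echo "reproduced $TRIAGE_REPRODUCED of the saved crash(es)"
}
```

Crashes that no longer reproduce are usually timing- or environment-dependent; run those under a debugger or with AFL's own instrumentation to confirm before filing them.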

