I am trying AFL for the first time, and for that reason I found a very simple vulnerable C program that I could use to test AFL.
The C code in question is:
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]) {
    char name[10];                 /* 10-byte stack buffer */
    if (argc > 1) {
        strcpy(name, argv[1]);     /* unbounded copy: argv[1] longer than 9 bytes overflows name */
        printf("HELLO %s\n", name);
    }
    return 0;
}
I compile that code by running afl-gcc test.c -o test
and I tested it just to make sure it crashes when it is supposed to (running ./test $(python3 -c "print('A'*26)")
gives a segmentation fault, as expected).
The problem is, I created a test case with echo -en "test\x00" > input/testcase
and ran AFL with afl-fuzz -i afl_in -o afl_out -- ./test
but after a day it still hasn't found any crashes.
I also tried to create a test case that would force it to crash: python3 -c "print('A'*26)" > input/testcase
but it still runs and does not find anything.
This was supposed to be the easiest example so I could get to know AFL a bit better, but it is proving to be a challenge. Can anyone help?
Just as Nick ODell posted it in the comments.
Following that URL shows an experimental module that allows AFL to read from an argument, and for that to work I just had to add 2 lines to my existing code:
After that I just compiled it again and everything worked as expected.
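The reason the original setup never crashes is that afl-fuzz delivers each mutated test case on the target's stdin (or in a file named with @@), never in argv, so the strcpy in the program above is simply never reached with fuzzer-generated data. The module the answer refers to is, to my knowledge, AFL's experimental argv-fuzz-inl.h, which reads stdin and splits it on NUL bytes into a synthetic argv (that identification is an assumption here, since the answer does not name it). The following is an added example, not code from the original post: it reimplements that NUL-splitting idea in plain C so it builds without the AFL source tree, and wraps the original vulnerable logic unchanged so the overflow is reachable from stdin. The names split_argv, read_stdin and vulnerable_main, the 16-argument limit and the 4096-byte input cap are choices made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ARGS 16   /* example limit on synthetic arguments, including argv[0] */

/* Split a NUL-separated buffer into argv[]: argv[0] is a fixed placeholder
 * program name, and every NUL-terminated string that follows becomes one
 * argument. The caller guarantees buf[len] == '\0' so the last argument is
 * always terminated even if the input had no trailing NUL.
 * Returns argc; argv[argc] is set to NULL. */
int split_argv(char *buf, size_t len, char **argv, int max_args) {
    int argc = 0;
    size_t pos = 0;

    argv[argc++] = "./test";                    /* placeholder argv[0] */
    while (pos < len && argc < max_args - 1) {
        argv[argc++] = buf + pos;
        pos += strnlen(buf + pos, len - pos) + 1; /* skip past this string and its NUL */
    }
    argv[argc] = NULL;
    return argc;
}

/* The original vulnerable logic, deliberately unchanged: a 10-byte stack
 * buffer filled by an unbounded strcpy from argv[1]. */
int vulnerable_main(int argc, char *argv[]) {
    char name[10];
    if (argc > 1) {
        strcpy(name, argv[1]);
        printf("HELLO %s\n", name);
    }
    return 0;
}

/* Read all of stdin, which is where afl-fuzz writes each test case by
 * default, and NUL-terminate it so split_argv can rely on buf[len] == '\0'. */
static size_t read_stdin(char *buf, size_t cap) {
    size_t n = fread(buf, 1, cap - 1, stdin);
    buf[n] = '\0';
    return n;
}

int main(void) {
    static char buf[4096];        /* example input cap; AFL test cases are small */
    char *argv[MAX_ARGS];
    size_t len = read_stdin(buf, sizeof buf);
    int argc = split_argv(buf, len, argv, MAX_ARGS);
    return vulnerable_main(argc, argv);
}
```

Build it with afl-gcc harness.c -o harness, seed the corpus with a short argument such as printf 'test\0' > afl_in/seed, and run afl-fuzz -i afl_in -o afl_out -- ./harness with no @@, so the fuzzer feeds stdin. A seed of 26 'A's followed by a NUL will crash on the very first run, which is why AFL rejects such a seed as a crashing input; the fuzzer is meant to discover the crash itself from a benign seed. Since an overflow of a few bytes past a 10-byte buffer does not always reach the return address, building with AFL_USE_ASAN=1 makes afl-gcc instrument the binary with AddressSanitizer so that even a one-byte overrun is reported as a crash instead of silently corrupting the stack.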