Site updated: 2021-05-20 19:44:46
This commit is contained in:
Cool-Y
parent
fa77f68cb3
commit
ab2c9c7a12
@ -458,7 +458,7 @@
|
||||
|
||||
<hr>
|
||||
<h1 id="0x02-AFL快速入门"><a href="#0x02-AFL快速入门" class="headerlink" title="0x02 AFL快速入门"></a>0x02 <a href="http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt" target="_blank" rel="noopener">AFL快速入门</a></h1><p>1)用<code>make</code>编译AFL。如果构建失败,请参阅docs / INSTALL以获取提示。<br>2)查找或编写一个相当快速和简单的程序,该程序从<strong><em>文件或标准输入</em></strong>中获取数据,以一种有价值的方式处理它,然后干净地退出。如果测试网络服务,请将其修改为在前台运行并从stdin读取。在对使用校验和的格式进行模糊测试时,也要注释掉校验和验证码。<br>遇到故障时,程序必须正常崩溃。注意自定义SIGSEGV或SIGABRT处理程序和后台进程。有关检测非崩溃缺陷的提示,请参阅<code>docs/README</code>中的第11节。<br>3)使用afl-gcc编译要模糊的程序/库。一种常见的方法是:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ CC = /path/to/afl-gcc CXX =/path/to/afl-g++ ./configure --disable-shared</span><br><span class="line">$ make clean all</span><br></pre></td></tr></table></figure></p>
|
||||
<p>如果程序构建失败,请联系 <a href="mailto:afl-users@googlegroups.com" target="_blank" rel="noopener">afl-users@googlegroups.com</a>。<br>4)获取一个对程序有意义的小而有效的输入文件。在模糊详细语法(SQL,HTTP等)时,也要创建字典,如<code>dictionaries/README.dictionaries</code>中所述。<br>5)如果程序从stdin读取,则运行<code>afl-fuzz</code>,如下所示:<br><code>./afl-fuzz -i testcase_dir -o findings_dir -- /path/to/tested/program [... program's cmdline ...]</code><br> 如果程序从文件中获取输入,则可以在程序的命令行中输入@@; AFL会为您放置一个自动生成的文件名。</p>
|
||||
<p>如果程序构建失败,请联系 <a href="mailto:afl-users@googlegroups.com" target="_blank" rel="noopener">afl-users@googlegroups.com</a>。<br>4)获取一个对程序有意义的小而有效的输入文件。在模糊详细语法(SQL,HTTP等)时,也要创建字典,如<code>dictionaries/README.dictionaries</code>中所述。<br>5)如果程序从stdin读取,则运行<code>afl-fuzz</code>,如下所示:<br><code>./afl-fuzz -i testcase_dir -o findings_dir -- /path/to/tested/program [... program's cmdline ...]</code><br> 如果程序从文件中获取输入,则可以在程序的命令行中输入@@; AFL会为您放置一个自动生成的文件名。</p>
|
||||
<p><strong>一些参考文档</strong></p>
|
||||
<blockquote>
|
||||
<p><a href="http://lcamtuf.coredump.cx/afl/README.txt" target="_blank" rel="noopener">docs/README</a> - AFL的一般介绍,<br><a href="https://github.com/mirrorer/afl/blob/master/docs/perf_tips.txt" target="_blank" rel="noopener">docs/perf_tips.txt</a> - 关于如何快速模糊的简单提示,<br><a href="http://lcamtuf.coredump.cx/afl/status_screen.txt" target="_blank" rel="noopener">docs/status_screen.txt</a> - UI中显示的花絮的解释,<br><a href="https://github.com/mirrorer/afl/blob/master/docs/parallel_fuzzing.txt" target="_blank" rel="noopener">docs/parallel_fuzzing.txt</a> - 关于在多个核上运行AFL的建议<br><a href="http://lcamtuf.coredump.cx/afl/demo/" target="_blank" rel="noopener">Generated test cases for common image formats</a> - 生成图像文件测试用例的demo<br><a href="http://lcamtuf.coredump.cx/afl/technical_details.txt" target="_blank" rel="noopener">Technical “whitepaper” for afl-fuzz</a> - 技术白皮书</p>
|
||||
@ -475,10 +475,10 @@
|
||||
</ol>
|
||||
<hr>
|
||||
<h1 id="0x04-AFL-README"><a href="#0x04-AFL-README" class="headerlink" title="0x04 AFL README"></a>0x04 <a href="http://lcamtuf.coredump.cx/afl/README.txt" target="_blank" rel="noopener">AFL README</a></h1><blockquote>
|
||||
<p>Written and maintained by Michal Zalewski <a href="mailto:lcamtuf@google.com" target="_blank" rel="noopener">lcamtuf@google.com</a></p>
|
||||
<p>Written and maintained by Michal Zalewski <a href="mailto:lcamtuf@google.com" target="_blank" rel="noopener">lcamtuf@google.com</a></p>
|
||||
<p> Copyright 2013, 2014, 2015, 2016 Google Inc. All rights reserved.<br> Released under terms and conditions of Apache License, Version 2.0.</p>
|
||||
<p> For new versions and additional information, check out:<br> <a href="http://lcamtuf.coredump.cx/afl/" target="_blank" rel="noopener">http://lcamtuf.coredump.cx/afl/</a></p>
|
||||
<p> To compare notes with other users or get notified about major new features,<br> send a mail to <a href="mailto:afl-users+subscribe@googlegroups.com" target="_blank" rel="noopener">afl-users+subscribe@googlegroups.com</a>.</p>
|
||||
<p> To compare notes with other users or get notified about major new features,<br> send a mail to <a href="mailto:afl-users+subscribe@googlegroups.com" target="_blank" rel="noopener">afl-users+subscribe@googlegroups.com</a>.</p>
|
||||
<p> <strong>See QuickStartGuide.txt if you don’t have time to read this file.</strong></p>
|
||||
</blockquote>
|
||||
<h2 id="1)具有导向性的模糊测试的挑战"><a href="#1)具有导向性的模糊测试的挑战" class="headerlink" title="1)具有导向性的模糊测试的挑战"></a>1)具有导向性的模糊测试的挑战</h2><p>Fuzzing是用于识别真实软件中的安全问题的最强大且经过验证的策略之一;它负责安全关键软件中迄今为止发现的绝大多数远程代码执行和权限提升漏洞。<br>不幸的是,模糊测试也不够有力。盲目的、随机的变异使得它不太可能在测试代码中达到某些代码路径,从而使一些漏洞超出了这种技术的范围。<br>已经有许多尝试来解决这个问题。早期方法之一 - 由Tavis Ormandy开创 - 是一种 <strong>语义库蒸馏(corpus distillation)</strong> 。网上找到的一些大型语料库中往往包含大量的文件,这时就需要对其精简,该方法依赖于覆盖信号从大量高质量的候选文件语料库中选择有趣种子的子集,然后通过传统方式对其进行模糊处理。该方法非常有效,但需要这样的语料库随时可用。正因为如此,<strong>代码覆盖率</strong> 也只是衡量程序执行状态的一个简单化的度量,这种方式并不适合后续引导fuzzing测试的。<br>其他更复杂的研究集中在诸如 <strong>程序流分析(“concoic execution”),符号执行或静态分析</strong> 等技术上。所有这些方法在实验环境中都非常有前景,但在实际应用中往往会遇到可靠性和性能问题 - 部分高价值的程序都有非常复杂的内部状态和执行路径,在这一方面符号执行和concolic技术往往会显得不够健壮(如路径爆炸问题),所以仍然稍逊于传统的fuzzing技术。</p>
|
||||
|
||||
File diff suppressed because one or more lines are too long
3926
search.xml
3926
search.xml
File diff suppressed because one or more lines are too long
@ -240,14 +240,14 @@
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/tags/index.html</loc>
|
||||
<loc>https://cool-y.github.io/categories/index.html</loc>
|
||||
|
||||
<lastmod>2019-04-15T07:35:38.085Z</lastmod>
|
||||
|
||||
</url>
|
||||
|
||||
<url>
|
||||
<loc>https://cool-y.github.io/categories/index.html</loc>
|
||||
<loc>https://cool-y.github.io/tags/index.html</loc>
|
||||
|
||||
<lastmod>2019-04-15T07:35:38.085Z</lastmod>
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user