Hello, I was looking into fuzzing wget with afl-fuzz [1]. While I haven't managed to crash it yet, I found a lot of code paths so far with the following input:
> HTTP/1.1 200 OK
> Server: nginx
> Date: Mon, 10 Aug 2015 20:31:38 GMT
> Content-Type: text/html; charset=utf-8
> Content-Length: 283087
> Connection: keep-alive
> Vary: Accept-Encoding
> cache-control: no-cache
>
>
> qwe

The command I used was:

LD_PRELOAD=~/workspace/preeny/x86_64-redhat-linux/desock.so ~/workspace/afl-1.86b/afl-fuzz -m 100 -i indir -o outdir -t 1000 src/wget 127.0.0.1 --timeout=0.1 -t 1 -O/dev/null

I believe I could trigger a lot more code if I tested --mirror functionality as well. Has anybody tried that? If not, could you share any pointers on how to provoke as much coverage as possible?

Cheers,
d33tah

[1] http://lcamtuf.coredump.cx/afl/

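One way to get more coverage out of the setup described in the post, as an added example that is not part of the original message: instead of a single seed, give afl-fuzz an input directory holding several distinct HTTP responses, each exercising a different branch of wget's response handling (chunked framing, missing Content-Length, redirects, 401/404, and the Last-Modified/ETag headers that --mirror's timestamping code reads). The HTML body, header values and file names are constructed for this example; the desock.so preload and the afl-fuzz command line are assumed to be the ones from the post.

```python
"""Seed corpus builder for fuzzing wget's HTTP client under afl-fuzz + desock (added example)."""
import os
import sys

def http_response(status, headers, body):
    """Assemble a raw HTTP/1.1 response exactly as wget would read it from the (desocketed) socket."""
    head = [f"HTTP/1.1 {status}"] + [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(head) + "\r\n\r\n").encode() + body

def chunked(body, size=7):
    """Transfer-Encoding: chunked with small, uneven chunks so the hex chunk-size parser,
    the per-chunk CRLF handling and the terminating zero chunk are all exercised."""
    out = b""
    for i in range(0, len(body), size):
        piece = body[i:i + size]
        out += f"{len(piece):x}\r\n".encode() + piece + b"\r\n"
    return out + b"0\r\n\r\n"

# Constructed HTML body with links so --mirror / -r has something to follow.
HTML = b'<html><body><a href="/a.html">a</a><img src="/i.png"></body></html>'

def build_seeds():
    """Return name -> raw response bytes; each seed targets a different wget code path."""
    ctype = {"Content-Type": "text/html; charset=utf-8"}
    return {
        "plain":     http_response("200 OK", {**ctype, "Content-Length": len(HTML)}, HTML),
        "chunked":   http_response("200 OK", {**ctype, "Transfer-Encoding": "chunked"}, chunked(HTML)),
        "no_length": http_response("200 OK", {**ctype, "Connection": "close"}, HTML),
        "timestamp": http_response("200 OK", {**ctype, "Content-Length": len(HTML),
                     "Last-Modified": "Mon, 10 Aug 2015 20:31:38 GMT", "ETag": '"abc"'}, HTML),
        "redirect":  http_response("302 Found", {"Location": "http://127.0.0.1/b.html",
                     "Content-Length": 0}, b""),
        "auth":      http_response("401 Unauthorized", {"WWW-Authenticate": 'Basic realm="x"',
                     "Content-Length": 0}, b""),
        "notfound":  http_response("404 Not Found", {**ctype, "Content-Length": 0}, b""),
    }

def write_seeds(indir):
    """Write one file per seed into afl's -i directory; returns the number of files written."""
    os.makedirs(indir, exist_ok=True)
    seeds = build_seeds()
    for name, data in seeds.items():
        with open(os.path.join(indir, name + ".http"), "wb") as f:
            f.write(data)
    return len(seeds)

if __name__ == "__main__":
    # Usage: python3 seeds.py indir   (then point afl-fuzz -i at that directory)
    print(write_seeds(sys.argv[1] if len(sys.argv) > 1 else "indir"))
```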