Sunday, 6 May 2018

Network Fuzzing with AFL

Download, extract and make afl:

tar xvzf afl-latest.tgz
cd afl-2.35b/
make
Download, extract and make wireshark with afl:

tar xaf wireshark-2.2.1.tar.bz2

cd /usr/bin
ln -s /usr/libexec/gcc/x86_64-redhat-linux/5.3.1/cc1 cc1plus

CC=/root/afl-2.35b/afl-gcc CXX=/root/afl-2.35b/afl-g++ ./configure
make clean all

Capture and save SNMP packets with Wireshark on another box, use them as the initial test cases, then fuzz tshark with them:

/root/afl-2.35b/afl-fuzz -m 500 -f /root/afl-2.35b/mutated-data/data.pcap -i /root/afl-2.35b/testcases/pcap/snmp/ -o /root/afl-2.35b/findings_dir/ .libs/tshark -r @@

(-m 500 is the child memory limit in MB; tshark reads a capture file with -r, and afl-fuzz substitutes the path of the current mutated file for @@.)

At first appearance, it seems afl is mutating the PCAP structure rather than the SNMP structure.
Look at dictionary definitions for SNMP and let it run for longer to see whether better results are generated.

Get better input by using snmpwalk to generate real SNMP traffic to capture.
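Once snmpwalk has generated traffic and the capture is saved, the seeds still need to be small single-packet pcaps that actually carry SNMP, so that AFL's mutations spend less effort on capture-file plumbing. Added example, not code from the original post: a Python script that parses the classic pcap format, keeps only Ethernet/IPv4/UDP datagrams to or from port 161 and re-wraps each as its own minimal pcap for the -i directory; the sample capture, the SNMPv1 GetRequest bytes and the 10.0.0.x addresses are constructed here.

```python
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1
def pcap_global_header():
    # Classic little-endian pcap 2.4 header: snaplen 65535, Ethernet link type.
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)

def iter_records(pcap):
    """Yield (16-byte record header, frame) per packet of a little-endian pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<IIII", pcap, off)[2]
        frame = pcap[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:   # truncated final record: stop, emit nothing for it
            break
        yield pcap[off:off + 16], frame
        off += 16 + incl_len

def udp_payload(frame, port=161):
    """UDP payload if frame is Ethernet/IPv4/UDP to or from `port`, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                                   # not IPv4, or not UDP
    udp = 14 + (frame[14] & 0x0F) * 4                 # skip Ethernet + IPv4 (IHL) headers
    sport, dport, ulen = struct.unpack_from("!HHH", frame, udp)
    if port not in (sport, dport) or ulen < 8:
        return None
    return frame[udp + 8:udp + ulen]

def split_snmp_seeds(pcap, port=161):
    """One minimal single-packet pcap per SNMP datagram: each is a complete AFL seed."""
    return [pcap_global_header() + hdr + frame
            for hdr, frame in iter_records(pcap) if udp_payload(frame, port) is not None]

def build_frame(payload, sport, dport):
    # Constructed Ethernet/IPv4/UDP frame; checksums are left zero (tshark still dissects it).
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\xff" * 6 + b"\x00\x0c\x29\x00\x00\x01" + b"\x08\x00" + ip + udp

def record(frame):  # pcap record header: ts_sec, ts_usec, incl_len, orig_len
    return struct.pack("<IIII", 1525561200, 0, len(frame), len(frame)) + frame

# Constructed sample capture: an SNMPv1 GetRequest for sysDescr.0 (community "public"),
# a DNS datagram that must be skipped, and the SNMP response coming back from port 161.
SNMP_GET = bytes.fromhex("3026020100" "04067075626c6963" "a019" "020400000001"
                         "020100020100" "300b3009" "06052b06010201" "0500")
SAMPLE_PCAP = (pcap_global_header()
               + record(build_frame(SNMP_GET, 40000, 161))
               + record(build_frame(b"\x12\x34\x01\x00\x00\x01", 40001, 53))
               + record(build_frame(SNMP_GET, 161, 40000)))
```

Write each element of split_snmp_seeds(capture_bytes) to its own file under the testcases/pcap/snmp/ directory and afl-fuzz starts from one small, valid SNMP-carrying pcap per seed instead of one large multi-protocol capture.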

