Using the fuzzer AFL (American Fuzzy Lop) to identify vulnerabilities in a computer program

Introduction

AFL is a well-documented, user-friendly fuzzer originally developed by Michał Zalewski (aka lcamtuf) and initially released in late 2013. The tool has helped to discover hundreds of vulnerabilities in widely used software. It makes it easy to run fuzzing in parallel on multi-core systems. Moreover, it contains built-in features to further analyse the crashes identified during the fuzzing phase. In this article I describe my experience in using AFL to fuzz an open-source XML parser found on GitHub. To test the parallel feature of AFL, and to…
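As an added example (not part of the article, and not the author's own setup), the script below shows the two AFL features the introduction mentions: a parallel campaign with one main instance (`-M`) and several secondary instances (`-S`) sharing an output directory, and the post-run triage step that feeds each crashing input to `afl-tmin` for minimisation. The target name `./xmlparser`, the seed directory `./seeds` and the output directory `./findings` are assumptions; the target is expected to have been built with `afl-gcc` and to read its input from the file path that AFL substitutes for `@@`.

```shell
#!/bin/sh
# Added example: plan and launch a parallel AFL campaign, then collect crashes
# for triage. Assumed names: instrumented target ./xmlparser (built with
# afl-gcc), seed inputs in ./seeds, AFL output in ./findings.
set -eu

TARGET=${TARGET:-./xmlparser}
SEEDS=${SEEDS:-./seeds}
OUT=${OUT:-./findings}

# Worker count: one afl-fuzz process per core, but never more than MAX.
afl_worker_count() {
  cores=$1; max=$2
  if [ "$cores" -lt "$max" ]; then echo "$cores"; else echo "$max"; fi
}

# Command line for worker IDX. Worker 0 is the main instance (-M); the rest are
# secondaries (-S). All of them write to the same -o directory and periodically
# sync interesting test cases with each other. "@@" is AFL's placeholder for the
# path of the input file handed to the target.
afl_worker_cmd() {
  idx=$1
  if [ "$idx" -eq 0 ]; then
    printf 'afl-fuzz -i %s -o %s -M fuzzer00 -- %s @@\n' "$SEEDS" "$OUT" "$TARGET"
  else
    printf 'afl-fuzz -i %s -o %s -S fuzzer%02d -- %s @@\n' "$SEEDS" "$OUT" "$idx" "$TARGET"
  fi
}

# Print the full plan for N workers, one afl-fuzz command per line.
afl_plan() {
  n=$1; i=0
  while [ "$i" -lt "$n" ]; do
    afl_worker_cmd "$i"
    i=$((i + 1))
  done
}

# Start N workers in the background, each logging to its own file.
# Progress of the whole campaign can then be watched with: afl-whatsup $OUT
afl_launch() {
  afl_plan "$1" | while IFS= read -r cmd; do
    name=${cmd##*-[MS] }; name=${name%% *}
    nohup sh -c "$cmd" >"$OUT.$name.log" 2>&1 &
  done
  echo "started $1 workers; monitor with: afl-whatsup $OUT"
}

# After the run: every worker keeps its own crashes/ directory. Emit one
# afl-tmin command per crashing input to shrink it to a minimal reproducer,
# which is the usual first step when analysing what AFL found.
afl_triage_cmds() {
  for crash in "$OUT"/fuzzer*/crashes/id:*; do
    [ -e "$crash" ] || continue
    printf 'afl-tmin -i %s -o %s.min -- %s @@\n' "$crash" "$crash" "$TARGET"
  done
}

cores=$(getconf _NPROCESSORS_ONLN 2>/dev/null || echo 1)
workers=$(afl_worker_count "$cores" "${MAX_WORKERS:-8}")

# Set AFL_LAUNCH=1 to actually start the workers; by default only the plan is printed.
if [ "${AFL_LAUNCH:-0}" = "1" ]; then
  afl_launch "$workers"
else
  afl_plan "$workers"
fi
```

Run it once without `AFL_LAUNCH` to review the planned commands, then with `AFL_LAUNCH=1` to start the campaign; once the fuzzers have run for a while, `afl_triage_cmds` lists the minimisation commands for whatever ended up in the `crashes/` directories. Secondary instances share the main instance's output directory, so a single `afl-whatsup` call reports the aggregate state of all workers.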

Davide Barasti
