In step 1, a custom instrumentation of the target has been added to focus only
on coverage of parse_cert_buf function (see afl_config.sh).
corpus: folder containing the initial corpus. In this case, it simply contains a certificate generated using OpenSSL and base64-encoded;afl_config.sh: script containing all the configuration options for AFL++;build_corpus.sh: script to minimize corpus files and make the corpus unique;fuzz.sh: script to launch AFL++-QEMU on our target.
Assuming you haven't already compiled the target:
make -C ../srcTo build the corpus (only needs to be done once):
./build_corpus.shNote: You may copy the folder from a previous step to avoid rebuilding it:
cp -R ../step0/corpus_unique corpus_uniqueTo start a campaign, simply run:
./fuzz.sh