- Table of Contents
- LibAFL Training
- Training Overview
- Training Program
- Useful Resources
- Reporting Issues
So, you want to learn how to use LibAFL! Welcome to the future of fuzzing. You can read all about LibAFL and the features it offers on their GitHub page, but the highlights are:
- Fast: LibAFL lets you create the fastest fuzzers possible, with minimal overhead.
- Rust: Take advantage of the Rust language and ecosystem, including package management and robust FFI.
- Scaling: LibAFL scales across cores and machines by default.
- Any platform: LibAFL runs on Windows, Linux, Android, MacOS, and embedded environments.
- Any target: LibAFL can fuzz targets on any platform it runs on, and any other platform by creating remote harnesses. Fuzz FPGAs, UEFI firmware, Web Apps, and more, with or without source code.
- Customizable: LibAFL gives you robust building blocks to assemble powerful fuzzers, but every component can be swapped out and customized for your use case or for maximum performance.
This training will teach you beginner through advanced use of the LibAFL library to build your own fuzzers. Unlike other LibAFL tutorials, it doesn't assume you are a Rust expert, or even that you have any Rust experience. It does, however, assume that you are an experienced C/C++ programmer, and it will explain Rust concepts throughout in terms of their C/C++ equivalents.
The training is broken down into a series of exercises that you will work through using the provided documentation. In each case, a solution is provided with the full working code and any supporting files for you to reference in case you get stuck.
There are many options for your development environment (we'll cover all of them in Chapter 1). All code and command line commands should work on all of the options, but examples are given as if you are running in the provided Dev Container, so paths may be different from what you see on your machine. This is okay!
Throughout the training, there will be many code snippets that aren't intended to be written in the program or library the exercise is about. These snippets are just for example or as general Rust instruction, and will always include a link to the Rust Playground. The Rust Playground is a simple online environment for running, testing, and sharing Rust code. You'll see
- Learn to build libraries with `libafl_cc` and `libafl_cxx`
- Write a harness for `hyperscan`
- Learn to build binaries with `libafl_cc` and `libafl_cxx`
- Write a harness for `jq`
- Fuzzing Rust
- Fuzzing Rust for Windows
- Fuzzing C/C++ for Windows (Clang)
- Fuzzing C/C++ for Windows (MSVC)
- Fuzzing C#
- Fuzzing C# for Windows
- Fuzzing Python
- Fuzzing Java, Kotlin, and Scala
- Fuzzing Go
- Write a custom Feedback and Observer
- Write a structured data Mutator
- Write a corpus Scheduler
- Write a custom Stage
- Use QEMU mode
- Use FRIDA mode
- Add concolic execution
- Use NYX mode
No training can be completely exhaustive, so you may find these resources useful throughout in order to understand various fuzzing, Rust, and LibAFL concepts.
- Learn X in Y Minutes: Rust
- The Rust Programming Language
- The Rustonomicon: Unsafe Rust
- Rust Standard Library Documentation
- Cargo (Rust Package Manager) Book
- Rust By Example
- Rustlings: Rust Exercises
If you encounter any issues or uncertainty while working through this training, please contact Rowan Hart (rowan.hart@intel.com) and/or file an issue in this repository. The goal of this training is not to provide a framework for learning LibAFL yourself; it is to give you a totally complete guide, so anything missing or incomplete is considered a breaking bug.