If you are a total newbie, try this guide:
Here are some good write-ups to show how to effectively use AFL++:
- https://aflplus.plus/docs/tutorials/libxml2_tutorial/
- https://bananamafia.dev/post/gb-fuzz/
- https://bushido-sec.com/index.php/2023/06/19/the-art-of-fuzzing/
- https://securitylab.github.com/research/fuzzing-challenges-solutions-1
- https://securitylab.github.com/research/fuzzing-software-2
- https://securitylab.github.com/research/fuzzing-sockets-FTP
- https://securitylab.github.com/research/fuzzing-sockets-FreeRDP
- https://securitylab.github.com/research/fuzzing-apache-1
- https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/
If you do not want to follow a tutorial but would rather try exercise-style training, then we can highly recommend the following:
Here is a good workflow description (and tutorial) for qemu_mode:
Here is a good workflow description for frida_mode:
If you are interested in fuzzing structured data (where you define what the structure is), these links have you covered (some are outdated though):
- libprotobuf for AFL++: https://github.com/P1umer/AFLplusplus-protobuf-mutator
- libprotobuf raw: https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator
- libprotobuf for old AFL++ API: https://github.com/thebabush/afl-libprotobuf-mutator
- Superion for AFL++: https://github.com/adrian-rt/superion-mutator
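Since several of the structured-data links above are outdated, here is an added, self-contained example of the approach they all share: an AFL++ custom mutator that knows the input's structure and only produces inputs that still parse, so the fuzzer spends its time past the target's header and length checks. This is example code written for this page, not code from the AFL++ project or any of the linked write-ups. The record format ("STRU" magic, field count, length-prefixed fields) is invented for the example; the `afl_custom_init`/`afl_custom_fuzz`/`afl_custom_deinit` entry points and the `AFL_CUSTOM_MUTATOR_LIBRARY` mechanism are the real AFL++ custom mutator API, with `void *` standing in for `afl_state_t *` (an assumption so the file compiles without AFL++ headers; the ABI is the same).

```c
// Added example, not code from the AFL++ project or the linked write-ups:
// an AFL++ custom mutator that understands a toy length-prefixed record
// format (invented here) so every mutation keeps the structure parseable.
//   gcc -shared -fPIC -O2 -o tlv_mutator.so tlv_mutator.c
//   AFL_CUSTOM_MUTATOR_LIBRARY=./tlv_mutator.so afl-fuzz -i in -o out -- ./target @@
// Format: magic "STRU", 1-byte field count N, then N fields of 2-byte
// little-endian length followed by that many payload bytes.
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FIELDS 16
#define MAX_FIELD_LEN 256                       /* cap for mutated bodies */
#define OUT_CAP (5 + MAX_FIELDS * (2 + 65535))  /* largest encodable record */

typedef struct {
  uint8_t n;
  uint16_t len[MAX_FIELDS];
  const uint8_t *ptr[MAX_FIELDS];               /* points into the parsed buffer */
} record_t;

typedef struct {
  uint64_t rng;                                 /* xorshift64, seeded by afl-fuzz */
  uint8_t scratch[MAX_FIELD_LEN];               /* body of the mutated field */
  uint8_t *out;                                 /* buffer returned to afl-fuzz */
} mutator_t;

static uint64_t next_rand(mutator_t *m) {
  m->rng ^= m->rng << 13; m->rng ^= m->rng >> 7; m->rng ^= m->rng << 17;
  return m->rng;
}

/* Strict parser for the toy format: 1 on success, 0 on any malformation. */
int parse_record(const uint8_t *buf, size_t len, record_t *r) {
  if (len < 5 || memcmp(buf, "STRU", 4) != 0 || buf[4] > MAX_FIELDS) return 0;
  r->n = buf[4];
  size_t off = 5;
  for (uint8_t i = 0; i < r->n; i++) {
    if (off + 2 > len) return 0;
    r->len[i] = (uint16_t)(buf[off] | (buf[off + 1] << 8));
    off += 2;
    if (off + r->len[i] > len) return 0;
    r->ptr[i] = buf + off;
    off += r->len[i];
  }
  return off == len;                            /* no trailing bytes allowed */
}

/* Serialise with recomputed length prefixes; 0 if it does not fit in cap. */
size_t write_record(const record_t *r, uint8_t *out, size_t cap) {
  size_t need = 5, off = 5;
  for (uint8_t i = 0; i < r->n; i++) need += 2 + r->len[i];
  if (need > cap) return 0;
  memcpy(out, "STRU", 4);
  out[4] = r->n;
  for (uint8_t i = 0; i < r->n; i++) {
    out[off++] = (uint8_t)(r->len[i] & 0xff);
    out[off++] = (uint8_t)(r->len[i] >> 8);
    memcpy(out + off, r->ptr[i], r->len[i]);
    off += r->len[i];
  }
  return off;
}

/* Called once by afl-fuzz. The real first parameter is afl_state_t *;
   void * is ABI-compatible and avoids pulling in afl-fuzz.h (assumption). */
void *afl_custom_init(void *afl, unsigned int seed) {
  (void)afl;
  mutator_t *m = calloc(1, sizeof(*m));
  if (!m) return NULL;
  m->rng = ((uint64_t)seed << 1) | 1;           /* xorshift state must be nonzero */
  m->out = malloc(OUT_CAP);
  return m;
}

/* Called per mutation: pick one field, resize it and flip a bit, then
   re-serialise so the length prefixes and field count stay consistent. */
size_t afl_custom_fuzz(void *data, uint8_t *buf, size_t buf_size,
                       uint8_t **out_buf, uint8_t *add_buf,
                       size_t add_buf_size, size_t max_size) {
  (void)add_buf; (void)add_buf_size;
  mutator_t *m = data;
  record_t r;
  if (!parse_record(buf, buf_size, &r) || r.n == 0) {
    r.n = 1; r.len[0] = 4; r.ptr[0] = (const uint8_t *)"seed";   /* fresh minimal record */
  }
  if (max_size > OUT_CAP) max_size = OUT_CAP;
  uint8_t i = (uint8_t)(next_rand(m) % r.n);
  size_t others = 5;                            /* bytes used by everything but field i */
  for (uint8_t j = 0; j < r.n; j++) if (j != i) others += 2 + r.len[j];
  if (others + 2 > max_size) return 0;          /* cannot emit a valid record */
  size_t cap = max_size - others - 2; if (cap > MAX_FIELD_LEN) cap = MAX_FIELD_LEN;
  size_t newlen = next_rand(m) % (cap + 1);
  size_t keep = r.len[i] < newlen ? r.len[i] : newlen;
  memcpy(m->scratch, r.ptr[i], keep);
  for (size_t k = keep; k < newlen; k++) m->scratch[k] = (uint8_t)next_rand(m);
  if (newlen) m->scratch[next_rand(m) % newlen] ^= (uint8_t)(1u << (next_rand(m) % 8));
  r.len[i] = (uint16_t)newlen; r.ptr[i] = m->scratch;
  *out_buf = m->out;
  return write_record(&r, m->out, max_size);
}

void afl_custom_deinit(void *data) {
  mutator_t *m = data;
  if (m) free(m->out);
  free(m);
}
```

The point to take from it is the re-serialisation step: a plain byte-level mutator that changes a field body also has to hit the matching length prefix, otherwise the target rejects the input before any interesting code runs. The protobuf-based mutators linked above do the same thing for protobuf messages. Note that a structure-aware mutator alone never produces malformed records; keep AFL++'s default mutators enabled alongside it (do not set `AFL_CUSTOM_MUTATOR_ONLY`) if you also want the parser's error paths exercised.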
- Install AFL++ Ubuntu
- [Fuzzing with AFLplusplus] Installing AFLPlusplus and fuzzing a simple C program
- [Fuzzing with AFLplusplus] How to fuzz a binary with no source code on Linux in persistent mode
- Blackbox Fuzzing #1: Start Binary-Only Fuzzing using AFL++ QEMU mode
- HOPE 2020 (2020): Hunting Bugs in Your Sleep - How to Fuzz (Almost) Anything With AFL/AFL++
- How Fuzzing with AFL works!
- WOOT '20 - AFL++ : Combining Incremental Steps of Fuzzing Research
If you find other good ones, please send them to us :-)