How to collect crashes?
geeknik opened this issue
Hello, thank you for sharing this project. I have successfully built and deployed your software, but I don't quite understand how to collect crashes. When running with AFL, the crashes never get counted or logged, despite being able to see the crash and stack trace appear in the terminal of the software we're fuzzing.
For example, using the command line from your README:
/afl-fuzz -i ./input -o ./output -- ./aflnw -a 127.0.0.1 -p 8888 -- /opt/fuzz/nginx/objs/nginx
This doesn't actually start nginx, we have to start nginx in another terminal. Once we do that, we can start seeing some network requests being made towards nginx, and when we finally get nginx to crash, AFL keeps on running and doesn't log the crash or save the reproducing testcase. Can you advise on how to capture the crashes? Thank you.
There are two solutions here. One method is to check the status of the program every time through the -c parameter, which is also more accurate but will bring a relatively large performance loss. Another method is to uncomment the call of the crash function in utils.c. This method has a small performance loss but a low accuracy rate.
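The reply above describes two trade-offs rather than showing them, so here is an added example that is not part of aflnw and not the code behind its -c option or its crash function in utils.c. It shows, in plain C, what the two approaches generally look like when the target (nginx here) runs in a separate process that AFL does not supervise: the accurate-but-slow check polls the target's liveness after every test case, the cheap-but-noisy check infers a crash from the socket error the next request hits, and either way the harness has to kill itself with a signal so that AFL records a crash at all. All function names, the pidfile path and the errno list are assumptions made for this illustration.

```c
// Added example (not aflnw's own code): detecting that an out-of-process
// fuzz target died, and relaying that to AFL. Names are assumptions.
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Method 1 (accurate, costly): poll the target's liveness after every
 * test case. kill(pid, 0) sends no signal but reports whether the pid
 * exists. Returns 1 if alive, 0 if gone (ESRCH), and treats EPERM (the
 * process exists but we may not signal it) as alive. */
int target_alive(pid_t pid) {
    if (pid <= 0) return 0;
    if (kill(pid, 0) == 0) return 1;
    if (errno == ESRCH) return 0;
    if (errno == EPERM) return 1;
    return -1;  /* unexpected errno: caller decides */
}

/* Read a pid from a pidfile such as nginx's logs/nginx.pid (assumed path).
 * Note that nginx's pidfile holds the master pid; a worker crash leaves the
 * master alive, so for nginx you would track the worker pids instead.
 * Returns 0 when the file is missing or does not start with a number. */
pid_t read_pidfile(const char *path) {
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    long pid = 0;
    int n = fscanf(f, "%ld", &pid);
    fclose(f);
    return (n == 1 && pid > 0) ? (pid_t)pid : 0;
}

/* Method 2 (cheap, less accurate): infer a crash from the errno the next
 * connect()/send() returns. ECONNREFUSED, ECONNRESET and EPIPE are what a
 * dead server produces, but a restart, a deliberate close or a full listen
 * backlog produce the same errno, which is why this is the low-accuracy
 * option. Returns 1 when the error suggests the target died. */
int socket_error_suggests_crash(int err) {
    switch (err) {
        case ECONNREFUSED:
        case ECONNRESET:
        case EPIPE:
            return 1;
        default:
            return 0;
    }
}

/* AFL only counts a test case as a crash when the process it forked (the
 * harness) dies by a signal, so a crash observed in another process must be
 * relayed by killing the harness itself. SIGSEGV or SIGABRT both count. */
void report_crash_to_afl(void) {
    fflush(stderr);
    raise(SIGSEGV);
}

int main(void) {
    /* Constructed demo: a child that exits at once stands in for a target
     * that crashed between two requests. */
    pid_t child = fork();
    if (child == 0) _exit(0);
    waitpid(child, NULL, 0);

    if (!target_alive(child)) {
        fprintf(stderr, "target %d is gone, relaying crash to AFL\n", (int)child);
        /* In a real harness this would be report_crash_to_afl(); */
    }
    if (socket_error_suggests_crash(ECONNRESET))
        fprintf(stderr, "ECONNRESET on next request: suspected crash\n");
    return 0;
}
```

When polling, do it after AFL has consumed the test case's response, and save the request that was in flight yourself, because by the time the harness dies the target's stack trace is only in the other terminal. With the errno method, expect false positives whenever nginx is restarted or a keep-alive connection is closed normally, which is the accuracy loss the reply refers to.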