Comments (6)
- As stated in https://github.com/SoftSec-KAIST/Eclipser#usage, fuzzing results will be saved in <sync dir>/*/queue/ and <sync dir>/*/crashes/. You can retrieve the test cases in crashes/ and run them on the target program to reproduce the crashes.
- I'm not sure what you mean by "parse the bytes to tell user which are the inputs that made the program crash". Are you interested in which part (i.e. specific offset) of the input is actually related to the found bugs? Such analysis is out of fuzzing's scope. Please take a look at dynamic taint analysis tools and papers for such functionality.
Yes, I read that part but it's not 100% clear how I can run the crashes or the test cases with my program.
I implemented the example in the paper with an abort and I find it and it is stored in crashes. How can I read which is the input? How do I open the fuzzing results stored in queue and crashes?
To be clearer. I implemented the example in a C program called fault.c and compiled it into fault.bin. I launch Eclipser on it and it finds the crash (implemented with abort()).
If I run ./fault.bin box/output/crashes/id\:000000 the only thing I get is Aborted (core dumped). So I understand that there is a problem but I don't get any useful information like: which is the input that made my program crash? Which is the path followed with that input that leads to an abort?
Hi @francescoschembri. AFAIK, Eclipser is a tool that could give you a crash, but it cannot show you the program path or minimize the input to know exactly which bytes are important. If you want to understand how and why your program crashed, you should use a debugger such as gdb. You can take a look at a tutorial for debugging a crash here.
- Each file in the crashes/ directory is a test case by itself, so running it like ./fault.bin box/output/crashes/id\:000000 as you did is correct. In other words, the content of box/output/crashes/id\:000000 is the exact input that makes the program crash.
- If you want to obtain more detailed information about the crash (e.g. 'the path of crashing execution' or 'which offset of the input led to the execution of that path'), such analysis is not the role of a fuzzer, as neuromancer has pointed out. One can implement such functionality with program instrumentation or dynamic taint analysis tools, so please take a look at such tools. Of course, a debugger is a good option, too.
Ok so it's a decision to focus just on the fuzzing and not also on the other stuff. Thanks for the clarification.
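A small triage loop over the crashes/ directory, added here as an example that is not part of the thread or of Eclipser itself: it assumes the target takes the test case path as its first argument (as ./fault.bin does above) and that crash files live under box/output/crashes. For each file it reproduces the run, reports the terminating signal, dumps the bytes of the input (the file is the input), and hands the execution path question to gdb, as the maintainers suggest.

```shell
#!/bin/sh
# Crash triage for an Eclipser sync dir (added example, not Eclipser's own code).
# Assumes the target takes the test case path as argv[1], like ./fault.bin above,
# and that crash files live in the given dir (default box/output/crashes, as in the thread).

# Run the target on one test case and print its exit status.
# Death by signal is reported as 128+signum, so SIGABRT (6) shows up as 134.
run_case() {
  target=$1; tc=$2; rc=0
  "$target" "$tc" >/dev/null 2>&1 || rc=$?
  echo "$rc"
}

# Turn an exit status into "signal:N" (killed by signal N) or "exit:N".
classify() {
  rc=$1
  if [ "$rc" -gt 128 ]; then echo "signal:$((rc - 128))"; else echo "exit:$rc"; fi
}

# The crash file *is* the input: dump its bytes so you can see what Eclipser found.
show_input() {
  tc=$1
  printf '%s (%s bytes)\n' "$tc" "$(wc -c < "$tc" | tr -d ' ')"
  od -A d -t x1 -v "$tc" | head -n 8
}

# The execution path is a debugger's job: batch-run gdb to get a backtrace at the abort.
backtrace() {
  target=$1; tc=$2
  command -v gdb >/dev/null 2>&1 || { echo "gdb not installed, skipping backtrace"; return 0; }
  gdb -q -batch -ex run -ex bt --args "$target" "$tc" 2>&1 | tail -n 20
}

# Walk every crash file, reproduce it, and report signal, input bytes and backtrace.
triage() {
  target=$1; dir=${2:-box/output/crashes}
  for tc in "$dir"/id*; do
    [ -f "$tc" ] || continue
    rc=$(run_case "$target" "$tc")
    printf '%s -> %s\n' "$tc" "$(classify "$rc")"
    show_input "$tc"
    backtrace "$target" "$tc"
  done
}

# Usage: triage ./fault.bin box/output/crashes
```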