Here are some good write-ups that show how to use AFL++ effectively:
- https://aflplus.plus/docs/tutorials/libxml2_tutorial/
- https://bananamafia.dev/post/gb-fuzz/
- https://securitylab.github.com/research/fuzzing-challenges-solutions-1
- https://securitylab.github.com/research/fuzzing-software-2
- https://securitylab.github.com/research/fuzzing-sockets-FTP
- https://securitylab.github.com/research/fuzzing-sockets-FreeRDP
- https://securitylab.github.com/research/fuzzing-apache-1

If you would rather work through exercise-style training than follow a tutorial, we highly recommend the following:

If you are interested in fuzzing structured data (where you define what the structure is), these links have you covered:

- Superion for AFL++: https://github.com/adrian-rt/superion-mutator
- libprotobuf for AFL++: https://github.com/P1umer/AFLplusplus-protobuf-mutator
- libprotobuf raw: https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator
- libprotobuf for old AFL++ API: https://github.com/thebabush/afl-libprotobuf-mutator

If you find other good ones, please send them to us :-)