# afl-network-proxy

If you want to run afl-fuzz over the network, then this is what you need. :)
Note that the impact on fuzzing speed will be huge, expect a loss of 90%.

## When to use this

1. when you have to fuzz a target that has to run on a system that cannot
   contain the fuzzing output (e.g., /tmp too small and file system is
   read-only)
2. when the target instantly reboots on crashes
3. ... any other reason you would need this

## how to get it running

### Compiling

Just type `make` and let the autodetection do everything for you.

Note that you will get a 40-50% performance increase if you have libdeflate-dev
installed. The GNUmakefile will autodetect it if present.

If your target has large test cases (10+kb) that are ASCII only or contain large
chunks of zero blocks, then set `CFLAGS=-DCOMPRESS_TESTCASES=1` to compress them.
For most targets this hurts performance, though, so it is disabled by default.

### on the target

Run `afl-network-server` with your target and the `-m` and `-t` values you need.
The important parameter is `-i`, which is the TCP port to listen on,
e.g.:

```
afl-network-server -i 1111 -m 25M -t 1000 -- /bin/target -f @@
```

### on the (afl-fuzz) main node

Just run afl-fuzz with your normal options. However, the target should be
`afl-network-client` with the IP and PORT of the `afl-network-server`, and
the `-t` value should be increased:

```
afl-fuzz -i in -o out -t 2000+ -- afl-network-client TARGET-IP 1111
```

Note the '+' on the `-t` parameter value. The afl-network-server will take care of
proper timeouts, hence afl-fuzz should not. The '+' increases the timeout, and the
value itself should be 500-1000 higher than the one on afl-network-server.

### networking

The TARGET can be an IPv4 or IPv6 address, or a host name that resolves to
either. Note that the outgoing interface can also be specified with a '%' for
`afl-network-client`, e.g., `fe80::1234%eth0`.

Also make sure your default TCP window size is larger than your MAP_SIZE
(130kb is a good value).
On Linux that is the middle value of `/proc/sys/net/ipv4/tcp_rmem`.

## how to compile and install

`make && sudo make install`
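
The `-t` margin and TCP window rules described above can be checked before a run starts. The script below is an added example, not part of the afl-network-proxy sources; the function names, the MAP_SIZE of 65536 bytes and the sample `tcp_rmem` line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for the timeout and TCP window rules above.

# Print the middle (default) field of tcp_rmem.
# $1: file to read; defaults to the Linux path named in this README.
tcp_default_window() {
    file=${1:-/proc/sys/net/ipv4/tcp_rmem}
    [ -r "$file" ] || return 2
    awk 'NF == 3 && $2 ~ /^[0-9]+$/ { print $2; ok = 1; exit }
         END { exit !ok }' "$file"
}

# Succeed if the default TCP window is larger than MAP_SIZE.
# $1: MAP_SIZE in bytes; $2: optional tcp_rmem file (for testing).
window_ok() {
    win=$(tcp_default_window "$2") || return 2
    [ "$win" -gt "$1" ]
}

# Succeed if the afl-fuzz -t value carries the '+' suffix and is
# 500-1000 higher than the afl-network-server -t value.
# $1: server -t (e.g. 1000); $2: afl-fuzz -t (e.g. 2000+).
timeout_ok() {
    case $2 in *+) ;; *) return 1 ;; esac
    client_t=${2%+}
    for v in "$1" "$client_t"; do
        case $v in ''|*[!0-9]*) return 2 ;; esac
    done
    margin=$((client_t - $1))
    [ "$margin" -ge 500 ] && [ "$margin" -le 1000 ]
}

# Demo on constructed values: a sample tcp_rmem line, an assumed MAP_SIZE
# of 65536 bytes, and the -t pair used in the commands above.
sample=$(mktemp)
printf '4096\t131072\t6291456\n' > "$sample"
if window_ok 65536 "$sample" && timeout_ok 1000 2000+; then
    echo "preflight: ok"
else
    echo "preflight: check TCP window and -t values"
fi
rm -f "$sample"
```

On a real host, call `window_ok` with your build's MAP_SIZE and no second argument so it reads `/proc/sys/net/ipv4/tcp_rmem` directly.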