Last days I was doing a little research about 'how this crazy afl works'. ;)
"American Fuzzy Lop" it's an excellent tool created by lcamtuf.
Now it's a good moment to check the documentation of 'afl' if you want
some nice details about using it.
My main note is for "starting" with afl is:
'hangs' sometimes can also give you a potential vulnerability.
Let me show you something. I wrote a simple code with vulnerable strcpy() to
see how afl will handle with 'sample' like this.
What I found was... After few minutes I saw first 'hang':
... after another few minutes I found more and more 'examples' of hangs.
I thought it is timeout or something like that... To check it, I wrote
"extremely advance" bash script ;) to 'automate process of checking hangs'.
So... we will run the script and check the results:
Next step? Maybe 'ulimit' :
And maybe some gdb now:
... and now, maybe it's your turn to run afl on your own code? ;)