Jump to content

Fuzzing OpenSLL with AFL-Fuzz Test Case Error


greg123
 Share

Recommended Posts

I've generated a self signed certificate and put it in "in" directory. It then gave me a different error that said there was no file named selftls. What program in openssl accepts and processes certificates?

Link to comment
Share on other sites

./selftls says to look for a file called selftls in the current directory.

I'm guessing that you've found these instructions in some document and have just copy and pasted them rather than trying to understand what they are actually doing. I suggest finding a man page or manual for the tool you are using and read through it to learn what is actually going on.

Link to comment
Share on other sites

I am in the openssl directory

cd openssl
greg123:~/openssl (master) $ ls
ACKNOWLEDGEMENTS Configure* LICENSE NOTES.WIN README.PERL config* demos/ include/ ssl/
AUTHORS FAQ Makefile README VMS/ config.com doc/ ms/ ssl.map
CHANGES INSTALL Makefile.shared README.ECC apps/ configdata.pm e_os.h openssl.spec test/
CONTRIBUTING INSTALL.DJGPP NEWS README.ENGINE appveyor.yml crypto/ engines/ out/ tools/
Configurations/ INSTALL.WCE NOTES.VMS README.FIPS build.info crypto.map external/ pod2htmd.tmp util/
Link to comment
Share on other sites

Have you done any fuzzing before? From what you've posted so far I'd guess probably not or very little.

Openssl has been analysed by all the top professionals so unless you are very skilled then the chances of you finding anything are so remote that you are mostly wasting your time unless you are doing it just to learn how to fuzz. If you are doing it to learn to fuzz then don't start here, start with the basics and work up. There are loads of better apps to start on to learn the skills.

Link to comment
Share on other sites

I've not done any fuzzing so don't know the recommended resources but these look like good places to start:

https://fuzzing-project.org/tutorial1.html

This post is from a mate of mine who does know his stuff

https://www.mwrinfosecurity.com/our-thinking/15-minute-guide-to-fuzzing/

I'd also recommend just getting to know Linux, both errors you posted are fairly basic if you know your way around a command line.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...