So, I wanted to mess around with something called “AFL,” which I guess stands for American Fuzzing Lop. It’s a tool for finding bugs in programs, like a detective for code. Today, my project was “golf ball.”
First, I got AFL up and running on my computer. It was kind of like setting up a new game, but with more typing in the command line. I followed some instructions I found, and boom, it was installed.
Next, I needed a program to test. I picked this thing called “golf ball” as my target. It’s not like real golf; I think it’s some kind of code that does something with, well, golf balls. This was the beginning, so I chose the easiest one to try my hand at.
Then came the tricky part. I had to feed AFL some initial “seed” inputs. These are like example data that AFL uses to start its fuzzing process. I found some sample golf ball data online, like “smooth golf ball” or “soft golf ball”. They are like templates for the tool to work on.
With everything set up, I let AFL loose on the golf ball program. It started throwing all sorts of weird variations of the seed inputs at the program, trying to make it crash or behave unexpectedly. Watching that data run across the screen felt like magic!
I watched the AFL interface, which is full of numbers and stats. It felt like watching a stock ticker, but for bugs! It showed me how many test cases it was generating and if it found anything interesting.
While AFL was doing its thing, I started digging into the golf ball program’s code a bit. I wanted to get a sense of how it worked, so I could understand any bugs that AFL might find. This is like peeking behind the curtain to see how the trick is done.
After a while, AFL flagged a few potential issues. It found some inputs that made the program act a little funky. Nothing major, but enough to pique my interest. I made a note of these and will see what I can do with them.
I decided to dive deeper into those issues. I used a debugger to step through the code and see what was happening when those weird inputs were used. This part felt like being a real detective, examining clues and trying to piece together what happened.
Turns out, the golf ball program had a little trouble handling some edge cases. It wasn’t a huge deal, but it was something that could potentially be improved. I am not sure if it is a serious bug, but it is always better to be safe than sorry. I think I can take some time to look into that more deeply.
I documented my findings, noting the specific inputs that caused the issues and what I observed in the debugger. This way, I can go back and look at them later. I just wrote down all the details in a text file.
Finally, I reported the issues to the developers of the golf ball program. Hopefully, they can use my findings to make their code even better. It’s like giving them a heads-up about a potential problem they might not have known about. They thanked me for that, and it made me feel great.
All in all, it was a fun and productive day of fuzzing. I learned a lot about AFL and how to use it to find bugs in programs. Plus, I got to help make some code a little bit more robust. That is a win in my book! I will try testing more targets and see if there are any bugs I can find.