| Up to higher level directory | |||
| Name | Date | Size | |
|---|---|---|---|
| corpus_http1/ | 22-Oct-2020 | ||
| corpus_http2/ | 22-Oct-2020 | ||
| httpd-master.honggfuzz.patch | 22-Oct-2020 | 3.5K | |
| httpd.conf.h1 | 22-Oct-2020 | 2.5K | |
| httpd.conf.h2 | 22-Oct-2020 | 2.5K | |
| httpd.wordlist | 22-Oct-2020 | 2.9K | |
| README.md | 22-Oct-2020 | 1.5K | |
README.md
1 # Fuzzing Apache 2.4 # 2 3 **Requirements** 4 5 * honggfuzz 6 * clang-4.0, or newer (5.0 works as well) 7 * apache (e.g. 2.4.29 or from githubs' master branch) 8 * apr, apr-utils, nghttp2 9 10 **Preparation** 11 12 Note: The examples provided below use hardcoded paths (here to _/home/$USER/_) and 13 version strings of the libraries (e.g. apr-_1.5.2_). These will have to be modified, so they reflect your actual build environment. 14 15 1. Compile honggfuzz 16 2. Download and unpack the following packages: apr, apr-util, ngttp2, and Apache's httpd 17 3. Patch Apache's httpd 18 19 ```shell 20 $ cd httpd-master 21 $ patch -p1 < httpd-master.honggfuzz.patch 22 ``` 23 4. Configure, compile and install Apache 24 * edit ```compile_and_install.asan.sh``` so it contains valid versions/paths 25 26 ```shell 27 $ ./compile_and_install.asan.sh 28 ``` 29 30 5. Copy custom configuration files (```httpd.conf.h1``` and ```httpd.conf.h2```) to ```/home/$USER/fuzz/apache/apache2/conf/``` (i.e. to your apache dist directory) 31 32 ``` 33 $ cp httpd.conf.h1 httpd.conf.h2 /home/$USER/fuzz/apache/apache2/conf/ 34 ``` 35 36 6. Edit ```httpd.conf.h1``` and ```httpd.conf.h2```, so they contain valid configuration paths 37 38 **Fuzzing** 39 40 * HTTP/1 41 42 ``` 43 $ honggfuzz/honggfuzz -f corpus_http1 -w ./httpd.wordlist -- ./apache2/bin/httpd -DFOREGROUND -f /home/$USER/fuzz/apache/apache2/conf/httpd.conf.h1 44 ``` 45 46 * HTTP/2 47 48 ``` 49 $ honggfuzz/honggfuzz -f corpus_http2 -w ./httpd.wordlist -- ./apache2/bin/httpd -DFOREGROUND -f /home/$USER/fuzz/apache/apache2/conf/httpd.conf.h2 50 ``` 51
