Conditions for stopping fuzzing
Hi, I’m using this project to run multiple instances of a fuzzer inside a Docker container. I don’t want to connect to the container to manually stop the fuzzing process.
Is it possible to define conditions for stopping fuzzing — for example, if no new paths are discovered for a certain period of time? This should result in all fuzzer instances terminating. After that, the coverage collection stage should start.
AFL provides environment variables, such as AFL_EXIT_ON_TIME, which can be used to implement the behavior I described above. Would it be possible to add support for setting environment variables via the configuration file?
Also, will fuzzing termination triggered this way automatically start the coverage collection?
I’m using this project to run multiple instances of a fuzzer [...]
Glad you find a use for it!
AFL provides environment variables, such as AFL_EXIT_ON_TIME, which can be used to implement the behavior I described above.
AFL_Runner adds system-exported AFL_* variables when generating the commands, so if you expose something like export AFL_EXIT_ON_TIME=100 inside your container, the generated commands should include this. It should also give out a warning:
Would it be possible to add support for setting environment variables via the configuration file?
As far as I can remember, this is not currently implemented, but it should be fairly straightforward to add if we assume that we want to have the specified AFL_* vars applied to ALL the commands. Of course, this could cause user error if multiple incompatible ones are specified. Happy to accept a PR for that.
Also, will fuzzing termination triggered this way automatically start the coverage collection?
That I actually don't know, never tried that :)
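The mechanism the maintainer describes (pick up every AFL_* variable exported in the environment, prefix it onto each generated afl-fuzz command, and warn that it applies to all instances) can be sketched as follows. This is an added example written for this thread, not AFL_Runner's own code: the function names, the -M/-S naming scheme, the command layout and the warning text are all assumptions. The one caveat it encodes is that AFL_EXIT_ON_TIME is evaluated per afl-fuzz process, so with several instances each one stops on its own timer and an orchestrator has to wait for all of them before moving on to coverage collection.

```rust
use std::env;

/// Keep only AFL_* variables from `pairs`, sorted by name so the
/// generated commands are deterministic. (Assumed helper, not AFL_Runner's API.)
pub fn afl_vars(pairs: &[(String, String)]) -> Vec<(String, String)> {
    let mut vars: Vec<(String, String)> = pairs
        .iter()
        .filter(|(k, _)| k.starts_with("AFL_"))
        .cloned()
        .collect();
    vars.sort();
    vars
}

/// Render the variables as a `KEY=VALUE ...` prefix that a POSIX shell
/// applies to a single command.
pub fn env_prefix(vars: &[(String, String)]) -> String {
    vars.iter()
        .map(|(k, v)| format!("{}={}", k, v))
        .collect::<Vec<_>>()
        .join(" ")
}

/// One afl-fuzz command per instance: instance 0 is the main fuzzer (-M),
/// the rest are secondaries (-S). Every command gets the same AFL_* prefix,
/// i.e. the "applied to ALL the commands" behaviour discussed above.
pub fn build_commands(
    vars: &[(String, String)],
    instances: usize,
    input: &str,
    output: &str,
    target: &str,
) -> Vec<String> {
    let prefix = env_prefix(vars);
    (0..instances)
        .map(|i| {
            let role = if i == 0 { "-M main".to_string() } else { format!("-S sec{}", i) };
            let cmd = format!("afl-fuzz -i {} -o {} {} -- {}", input, output, role, target);
            if prefix.is_empty() { cmd } else { format!("{} {}", prefix, cmd) }
        })
        .collect()
}

/// Warnings to print before the run starts (assumed wording).
pub fn warnings(vars: &[(String, String)], instances: usize) -> Vec<String> {
    let mut out = Vec::new();
    if !vars.is_empty() {
        out.push(format!(
            "applying {} exported AFL_* variable(s) to all {} instance(s)",
            vars.len(),
            instances
        ));
    }
    if instances > 1 && vars.iter().any(|(k, _)| k.as_str() == "AFL_EXIT_ON_TIME") {
        out.push(
            "AFL_EXIT_ON_TIME: each instance keeps its own no-new-paths timer and exits \
             independently; wait for every instance before starting coverage collection"
                .to_string(),
        );
    }
    out
}

fn main() {
    // Read the real process environment, exactly as a runner inside the container would.
    let pairs: Vec<(String, String)> = env::vars().collect();
    let vars = afl_vars(&pairs);
    for w in warnings(&vars, 4) {
        eprintln!("warning: {}", w);
    }
    for c in build_commands(&vars, 4, "in", "out", "./target @@") {
        println!("{}", c);
    }
}
```

Run it with `AFL_EXIT_ON_TIME=100 cargo run` to see the prefix land on every generated command together with the two warnings; without any AFL_* variable exported it prints plain afl-fuzz commands and no warning.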