I have been trying to fuzz using both AFL and libFuzzer. One of the distinct differences I have come across is that when AFL is executed, it runs continuously unless it is manually stopped by the developer.
On the other hand, libFuzzer stops the fuzzing process when a bug is identified. I know that it allows the addition of parallel fuzzing through the -jobs=N command; however, those processes still stop when a bug is identified.
Is there any reason behind this behavior?
Also, is there any command that allows libFuzzer to run continuously unless the developer stops the fuzzing process?
This question is old, but I also needed to run libFuzzer without stopping. It can be accomplished with the flag -fork=<N of jobs> combined with -ignore_crashes=1. Be aware that Ctrl+C doesn't work anymore: it is considered a crash and just spawns a new job. But I think this is a bug, see here.
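A minimal target to try the two modes side by side, as an added example (not code from the question or the answer). The record format and parse_record are constructed for the demo, its failing assertion is the deliberate "bug" for the fuzzer to find, and the build line assumes a clang with libFuzzer support:

```c
/* Build:  clang -g -O1 -fsanitize=fuzzer,address target.c -o target
 * Default mode stops at the first crash and writes crash-<hash>:
 *     ./target corpus/
 * Fork mode keeps fuzzing past crashes (each crash is still saved):
 *     ./target -fork=4 -ignore_crashes=1 corpus/
 * Note: in fork mode Ctrl+C is itself treated as a crashed job. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed record format: one length byte N, N payload bytes, then
 * one checksum byte that must equal the XOR of the payload.
 * Returns the payload length, or -1 for a truncated or corrupt record. */
int parse_record(const uint8_t *data, size_t size, uint8_t out[256]) {
    if (size < 2) return -1;
    size_t n = data[0];
    if (size < 1 + n + 1) return -1;               /* truncated record */
    uint8_t x = 0;
    for (size_t i = 0; i < n; i++) {
        out[i] = data[1 + i];
        x ^= out[i];
    }
    /* Deliberately wrong invariant for the demo: the author assumed a
     * non-empty payload never XORs to zero, so libFuzzer quickly finds
     * an input (e.g. "AA") that fails this assert and reports a crash. */
    assert(n == 0 || x != 0);
    return data[1 + n] == x ? (int)n : -1;
}

/* libFuzzer entry point: called once per generated input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    uint8_t out[256];
    parse_record(data, size, out);
    return 0;                                      /* non-zero is reserved */
}
```

Without -ignore_crashes=1 the first failing assert ends the run; with it, the parent keeps spawning jobs and the crash files accumulate for later triage.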