1# Fuzzing Apache 2.4 # 2 3**Requirements** 4 5 * honggfuzz 6 * clang-4.0, or newer (5.0 works as well) 7 * apache (e.g. 2.4.29 or from githubs' master branch) 8 * apr, apr-utils, nghttp2 9 10**Preparation** 11 12Note: The examples provided below use hardcoded paths (here to _/home/$USER/_) and 13version strings of the libraries (e.g. apr-_1.5.2_). These will have to be modified, so they reflect your actual build environment. 14 151. Compile honggfuzz 162. Download and unpack the following packages: apr, apr-util, ngttp2, and Apache's httpd 173. Patch Apache's httpd 18 19```shell 20$ cd httpd-master 21$ patch -p1 < httpd-master.honggfuzz.patch 22``` 234. Configure, compile and install Apache 24 * edit ```compile_and_install.asan.sh``` so it contains valid versions/paths 25 26```shell 27$ ./compile_and_install.asan.sh 28``` 29 305. Copy custom configuration files (```httpd.conf.h1``` and ```httpd.conf.h2```) to ```/home/$USER/fuzz/apache/apache2/conf/``` (i.e. to your apache dist directory) 31 32 ``` 33$ cp httpd.conf.h1 httpd.conf.h2 /home/$USER/fuzz/apache/apache2/conf/ 34 ``` 35 366. Edit ```httpd.conf.h1``` and ```httpd.conf.h2```, so they contain valid configuration paths 37 38**Fuzzing** 39 40 * HTTP/1 41 42 ``` 43$ honggfuzz/honggfuzz -f corpus_http1 -w ./httpd.wordlist -- ./apache2/bin/httpd -DFOREGROUND -f /home/$USER/fuzz/apache/apache2/conf/httpd.conf.h1 44 ``` 45 46 * HTTP/2 47 48``` 49$ honggfuzz/honggfuzz -f corpus_http2 -w ./httpd.wordlist -- ./apache2/bin/httpd -DFOREGROUND -f /home/$USER/fuzz/apache/apache2/conf/httpd.conf.h2 50``` 51