custom_mutators/rust/README.md
Bindings to create custom mutators in Rust.
Instead of writing a raw AFL++ mutator, you can write a higher-level LibAFL mutator that can be shared between AFL++ and other fuzzers, see libafl_nautilus for an example.
These bindings are documented with rustdoc. To view the documentation run
cargo doc -p custom_mutator --open.
A minimal example can be found in example. Build it using cargo build --example example_mutator.
An example using lain for structured fuzzing can be found in example_lain.
Since lain requires a nightly rust toolchain, you need to set one up before you can play with it.
An example for the use of the post_process function, using lain with serde and bincode can be found in example_lain_post_process.
In order for it to work you need to:
AFL_DISABLE_TRIM=1bincode or use the AFL_NO_STARTUP_CALIBRATION=1 environment variable.Note that bincode can also be used to serialize/deserialize the lain-generated structure and mutate it rather than generating a new one at each iteration, but it requires some structure serialized with bincode as input seed.