
I’d be super interested to see what AFL does to this :)


To shreds, you say?

The author does mention that it's in the experimental stage, but I might make an attempt later just to refresh my AFL knowledge.


That sounds fun!

Can AFL test network applications without the need to modify their source code? If not, it should be easy to call the parsing routine in a loop using AFL's persistent mode.

At this time xHTTP only parses the minimum amount of headers to work, so fuzzing might not find much yet.
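As an added illustration of the persistent-mode approach suggested above (this is example code, not xHTTP's parser or anything from the project): a small, hypothetical HTTP request-line parser wrapped in an AFL++ persistent-mode harness. The `__AFL_*` macros are supplied by `afl-clang-fast`; the `#ifndef` fallback is the idiom from the AFL++ documentation that lets the same file build with a plain C compiler and process a single input from stdin, which also makes the parser unit-testable outside the fuzzer. The parser, its bounds, and the test inputs are all constructed for this example.

```c
/* Persistent-mode AFL++ harness around a hypothetical request-line parser.
 * Not xHTTP's code: parse_request_line() stands in for whatever routine a
 * real harness would call in a loop. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_METHOD 8
#define MAX_TARGET 256

struct request_line {
    char method[MAX_METHOD + 1];
    char target[MAX_TARGET + 1];
    int major, minor;
};

/* Parse "METHOD SP target SP HTTP/x.y CRLF" from a non-NUL-terminated buffer.
 * Returns 0 on success, -1 on malformed input. Every copy is bounded, so the
 * fuzzer exercises the parsing logic rather than an obvious overflow.
 * (Constructed parser, for this example only.) */
int parse_request_line(const unsigned char *buf, size_t len, struct request_line *out)
{
    size_t i = 0, start;

    /* method: 1..MAX_METHOD uppercase letters, then a single space */
    start = i;
    while (i < len && buf[i] >= 'A' && buf[i] <= 'Z') i++;
    if (i == start || i - start > MAX_METHOD || i >= len || buf[i] != ' ') return -1;
    memcpy(out->method, buf + start, i - start);
    out->method[i - start] = '\0';
    i++;

    /* target: 1..MAX_TARGET visible ASCII bytes, no whitespace, then a space */
    start = i;
    while (i < len && buf[i] > ' ' && buf[i] < 0x7f) i++;
    if (i == start || i - start > MAX_TARGET || i >= len || buf[i] != ' ') return -1;
    memcpy(out->target, buf + start, i - start);
    out->target[i - start] = '\0';
    i++;

    /* version: exactly "HTTP/" digit "." digit, followed by CRLF (10 bytes) */
    if (len - i < 10 || memcmp(buf + i, "HTTP/", 5) != 0) return -1;
    i += 5;
    if (buf[i] < '0' || buf[i] > '9' || buf[i + 1] != '.' ||
        buf[i + 2] < '0' || buf[i + 2] > '9') return -1;
    out->major = buf[i] - '0';
    out->minor = buf[i + 2] - '0';
    i += 3;
    if (buf[i] != '\r' || buf[i + 1] != '\n') return -1;
    return 0;
}

#ifndef __AFL_FUZZ_TESTCASE_LEN
/* Fallback for builds without afl-clang-fast: read one test case from stdin
 * and run the loop body exactly once (idiom from the AFL++ docs). */
static ssize_t fuzz_len;
static unsigned char fuzz_buf[1024 * 1024];
#define __AFL_FUZZ_TESTCASE_LEN fuzz_len
#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
#define __AFL_FUZZ_INIT() void sync(void)
#define __AFL_INIT()
#define __AFL_LOOP(x) ((fuzz_len = read(0, fuzz_buf, sizeof fuzz_buf)) > 0 ? 1 : 0)
#endif

__AFL_FUZZ_INIT();

int main(void)
{
    __AFL_INIT();                                  /* start forkserver here */
    unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;  /* must be read after __AFL_INIT */

    /* Persistent mode: AFL feeds ~10000 inputs into this process before
     * restarting it, so the parser is called without a fork per test case. */
    while (__AFL_LOOP(10000)) {
        size_t len = (size_t)__AFL_FUZZ_TESTCASE_LEN;  /* re-read every iteration */
        struct request_line rl;
        if (parse_request_line(buf, len, &rl) == 0)
            printf("%s %s HTTP/%d.%d\n", rl.method, rl.target, rl.major, rl.minor);
    }
    return 0;
}
```

Build with `afl-clang-fast -o harness harness.c`, seed a directory with one or two valid request lines, and run `afl-fuzz -i in -o out -- ./harness`; AFL detects the persistent-mode markers and feeds test cases through shared memory instead of a file. Because the loop body touches only the parser and a bounded buffer, each crash or hang AFL reports maps directly to the parsing routine, which is the property you want when fuzzing a network server's parser in isolation rather than the whole socket-handling path.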


IIRC the AFL docs recommend compile time instrumentation when the source is available. Binary-only fuzzing is possible, but it's a lot slower. My last binary-only attempt was years ago at this point, but I recall it being clunky to configure to the extent that I just dropped it in favor of instrumented source.


Can it handle gzip bombs, that is the real question :)

