
BBFuzz: An Input-Structure-Aware Protocol Fuzzing Scheme

Weng Songwei (翁嵩涠), Jia Peng (贾鹏), Zhou Anmin (周安民)

Journal of Sichuan University (Natural Science Edition), 2024, Vol. 61, Issue 1: 96-106, 11. DOI: 10.19907/j.0490-6756.2024.013002


BBFuzz: A protocol fuzzing tool combined with input structure-aware

Weng Songwei ¹, Jia Peng ¹, Zhou Anmin ¹

Author information

  • 1. School of Cyber Science and Engineering, Sichuan University, Chengdu 610065

Abstract

Almost all systems that need to communicate depend on protocol design. If the protocol stack is vulnerable, attackers can achieve denial of service, data theft and even zero-click remote code execution. Protocol messages usually carry structure, semantics and timing constraints, which makes it hard for general-purpose fuzzers to test a server effectively. In recent years there has been much research on grey-box protocol fuzzing, of which AFLNET is a representative example. However, how well these approaches cover the server state machine depends on the coverage of the initial seed corpus. In this paper we first analyze the shortcomings of AFLNET in handling binary-format protocols, and then propose BBFuzz, a protocol fuzzer that generates test cases from manually written data models. BBFuzz can quickly supply many interesting seed files to the seed queue, even from a single initial input, and these seeds cover a more comprehensive set of server states. Meanwhile, BBFuzz supports fuzzing of two different kinds of protocols: human-readable ASCII-format protocols and binary-format protocols. We implemented BBFuzz's support for the RTMP protocol and evaluated it on the RTMP modules of two well-known streaming media projects. Our evaluation shows that BBFuzz outperforms AFLNET in both map density and number of paths. In the RTMP modules we found two real vulnerabilities, one in ZLMediaKit and one in media-server, both of which have been assigned CVE numbers with a HIGH severity rating.

Keywords

Fuzzing / Protocol fuzzing / Software testing / Protocol security

Category

Information technology and security science

Citation

Weng Songwei, Jia Peng, Zhou Anmin. BBFuzz: An Input-Structure-Aware Protocol Fuzzing Scheme [J]. Journal of Sichuan University (Natural Science Edition), 2024, 61(1): 96-106, 11.

Funding

National Key R&D Program of China (2021YFB3101803)

Journal of Sichuan University (Natural Science Edition)

Open Access | Peking University Core Journal | CSTPCD

ISSN 0490-6756
