BBFuzz: A protocol fuzzing tool combined with input structure-aware
Almost all systems that need to communicate are inseparable from protocol design. If the protocol stack is vulnerable, attackers can achieve denial of service, data theft and even remote code execution via zero-click. Protocol messages often have certain elements such as structure, semantics and timing, making it challenging for general fuzzers to effectively fuzz the server. In recent years there has been much research on grey-box protocol fuzzing, of which AFLNET is a representative example. However, the coverage these approaches achieve on the server state machine depends on the coverage of the initial seed corpus. In this paper, we first analyze the defects of AFLNET in handling binary format protocols, and propose BBFuzz, a protocol fuzzer that generates test cases from manually written data models. BBFuzz can quickly provide many interesting seed files for the seed queue, even with only one initial input, and these seed files cover server states more comprehensively. Meanwhile, BBFuzz supports fuzzing of two different types of protocols, namely human-readable ASCII format protocols and binary format protocols. The paper implements BBFuzz's support for the RTMP protocol and evaluates BBFuzz on the RTMP modules of two well-known streaming media projects. Our evaluation results show that BBFuzz outperforms AFLNET on both map density and paths. For the RTMP module, we found two real vulnerabilities in ZLMediaKit and media-server respectively, and both have been assigned CVE numbers classified as HIGH severity.
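As an added illustration, not code from the paper or from BBFuzz itself, of what "test case generation from a manual data model" means for a binary protocol: the model below is a hypothetical, simplified description of an RTMP fmt=0 chunk header (1-byte basic header followed by an 11-byte message header), and the sample chunk is constructed. From that single input it derives structure-preserving seeds by driving each header field to boundary values while keeping the rest of the message intact.

```python
# Hypothetical data model for one RTMP fmt=0 chunk: (field, byte width, endianness),
# in wire order after the 1-byte basic header. Message stream id is little-endian.
RTMP_TYPE0_MODEL = [
    ("timestamp", 3, "big"),
    ("msg_length", 3, "big"),
    ("msg_type_id", 1, "big"),
    ("msg_stream_id", 4, "little"),
]

def parse_chunk(data: bytes) -> dict:
    """Split a single fmt=0 chunk with a 1-byte basic header into its fields."""
    fmt, csid = data[0] >> 6, data[0] & 0x3F
    if fmt != 0 or csid < 2:
        raise ValueError("model only covers fmt=0 chunks with a 1-byte basic header")
    fields, off = {"csid": csid}, 1
    for name, width, endian in RTMP_TYPE0_MODEL:
        fields[name] = int.from_bytes(data[off:off + width], endian)
        off += width
    fields["payload"] = data[off:]
    return fields

def build_chunk(fields: dict) -> bytes:
    """Serialize the fields back to wire format (fmt=0, so the top two bits are zero)."""
    out = bytes([fields["csid"] & 0x3F])
    for name, width, endian in RTMP_TYPE0_MODEL:
        out += (fields[name] & ((1 << (8 * width)) - 1)).to_bytes(width, endian)
    return out + fields["payload"]

def generate_seeds(seed: bytes) -> list:
    """Derive seeds from one captured chunk: each header field is set in turn to
    0, 1, mid-range and max, while every other field keeps its captured value."""
    base, seeds = parse_chunk(seed), []
    for name, width, _ in RTMP_TYPE0_MODEL:
        maxval = (1 << (8 * width)) - 1
        for val in (0, 1, maxval >> 1, maxval):
            if val == base[name]:
                continue  # identical to the original seed, nothing new to learn
            variant = dict(base)
            variant[name] = val
            seeds.append(build_chunk(variant))
    return seeds

# Constructed sample: csid 3, timestamp 0, length 4, type 20 (AMF0 command),
# stream id 0, followed by a 4-byte AMF0 string payload.
SAMPLE_CHUNK = (b"\x03" + b"\x00\x00\x00" + b"\x00\x00\x04" + b"\x14"
                + b"\x00\x00\x00\x00" + b"\x02\x00\x01x")
```

Every generated seed stays the same length and keeps a well-formed header, which is what lets a grey-box fuzzer reach deeper server states than bit-flipping the captured bytes would.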