CN104796240A - Fuzz testing system for stateful network protocol - Google Patents

Info

Publication number: CN104796240A
Authority: CN (China)
Prior art keywords: fuzz testing, request, data, state, protocol
Legal status: Granted
Application number: CN201510219969.2A
Other languages: Chinese (zh)
Other versions: CN104796240B (en)
Inventors: 胡昌振, 马锐, 郭林楠, 单纯, 王达光
Current assignee: Beijing Institute of Technology BIT
Original assignee: Beijing Institute of Technology BIT

Events: application filed by Beijing Institute of Technology BIT; priority to CN201510219969.2A; publication of CN104796240A; application granted; publication of CN104796240B; legal status: Active; anticipated expiration.

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00: Arrangements for detecting or preventing errors in the information received
    • H04L1/24: Testing correct operation

Abstract

The invention provides a fuzz testing system for a stateful network protocol and solves the problem that traditional network protocol fuzz testing frameworks lack support for complex stateful protocols. The fuzz testing system comprises a data generation module, a session management module, a monitor and a driver module. The data generation module stores raw data samples and mutates the raw data with a rule-tree-based algorithm to generate fuzz test cases; the session management module connects the one or more requests defined in a fuzz test case into a directed acyclic graph and then performs fuzz testing for each path; the monitor comprises a process monitor and a network monitor; the driver module communicates with the target server under test, sending test requests and receiving server response messages.

Description

Fuzz testing system for a stateful network protocol
Technical field
The present invention relates to a fuzz testing system for stateful network protocols and belongs to the field of fuzz testing.
Background technology
Terminology:
Fuzz testing: fuzz testing is a specific black-box testing technique that is receiving increasing attention in security testing. Its principle is to feed a large volume of malformed data into the target program and to discover security vulnerabilities that may exist in the program under test by monitoring it for abnormal behaviour. It is typically an automatic or semi-automatic process.
Network protocol fuzz testing: a network protocol is the set of rules that communicating peer entities in a computer network must observe when exchanging messages. Network protocol fuzz testing requires identifying the interfaces to be attacked, mutating or generating fuzz values that contain errors, passing those values to the target application, and monitoring the target application to find faults.
Stateful network protocol: after receiving a client request, the server returns a corresponding response; the protocol's state means that the way the next request is answered can be affected by the current request. A stateful network protocol therefore requires the server to record its state after responding and to be able to restore that state for the next request.
Fuzz testing framework: a fuzz testing framework is a tool that can be used to fuzz different types of targets; it simplifies the data representation for many kinds of test targets. A standard fuzz testing framework generally comprises three parts: test case generation, network and disk transport, and a scripting-style language.
Fuzz testing is an effective method for finding security vulnerabilities and is receiving increasing attention in security testing. Its principle is to feed a large volume of malformed data into the target program and to discover vulnerabilities that may exist in the program under test by monitoring it for abnormal behaviour. Network protocol testing is the part of fuzz testing that security researchers are most interested in, not only because the vulnerabilities found are usually of a higher severity, but also because network protocols are used so widely in Internet communication that, once a vulnerability is found, the scope of compromise can be very wide.
Compared with other software testing, the core value of fuzz testing is that it converts a large amount of manual testing into automated testing. Generating individual test cases is laborious and tedious, and parts of that work are well suited to being generated automatically by a computer. The core strength of a fuzzer is its ability to generate useful test data automatically with minimal manual intervention.
A fuzz testing framework is a tool that can be used to fuzz different types of targets; it simplifies the data representation for many kinds of test targets. A standard fuzz testing framework comprises three parts: a library of methods that can trigger vulnerabilities, used to generate fuzz test cases; a set of routines that simplify disk input/output and network transmission; and a scripting-style language. Some mature fuzz testing frameworks now exist, such as SPIKE, Peach, antiparser and Dfuz, but at present they have obvious shortcomings: SPIKE runs only on Linux and lacks support for the Windows platform; Peach's requirements for describing the application scenario are too strict and cumbersome; antiparser can only perform simple fuzz testing and cannot handle complex cases; Dfuz likewise lacks Windows support and has no intelligence. None of these frameworks can test the state transition process of a stateful protocol: as shown in Fig. 1, they can only test states A, B, C and D individually, not the processes A-B-C or A-C-D. That is, although existing network protocol fuzz testing frameworks can find vulnerabilities in protocol implementations, they lack support for complex stateful protocols, their test scripts cannot cover the whole state sequence of a message sequence, and the coverage of protocol fuzz testing is therefore incomplete.
Summary of the invention
The invention provides a fuzz testing system for a stateful network protocol. It solves the problem that conventional network protocol fuzz testing frameworks lack support for complex stateful protocols, and the problem that the test scripts generated by such frameworks cannot cover the whole state sequence of a message sequence, so that protocol fuzz testing coverage is incomplete.
The present invention is achieved through the following technical solution:
A fuzz testing system for a stateful network protocol comprises a data generation module, a session management module, a monitor and a driver module, wherein:
the data generation module stores raw data samples and applies a rule-tree-based algorithm to mutate the raw data into fuzz test cases; the data generation module first obtains a raw data sample and then represents it, according to the protocol's request format, as a request;
the session management module connects the one or more requests defined in a fuzz test case into a directed acyclic graph; each graph has at least one starting point, each node represents one request, and a branch represents several possible subsequent requests after a request, so that one path is one fuzz testing process; a complex protocol is thus decomposed into several independent request processes, and the transition diagram of the protocol's finite state machine is used to generate all of the protocol's state transition paths, after which fuzz testing is performed for each path;
the monitor comprises a process monitor and a network monitor; the process monitor detects whether the program under test has faulted, and if a fuzz test case causes the process to raise an exception or crash, the process monitor sends an exception alert; the network monitor is responsible for monitoring network communication and records the communication process in a corresponding file so that faults can be examined conveniently;
the driver module communicates with the target server under test, sending test requests and receiving server response messages.
A request is a data unit within one state transition test and may contain several data atoms or other complex data structures; the ordered arrangement of one or more requests forms one fuzz test case.
The data generation module is divided into three layers: a primitive layer, an extension layer and a generation layer. The primitive layer provides the primitive data types, including basic types such as integers, floating-point numbers and characters. The extension layer integrates the basic data types provided by the primitive layer and provides different block data structures for different protocols, making it convenient for users to define raw data. The generation layer generates test cases with a partially-valid fuzz test case generation algorithm based on the network protocol state machine: according to the protocol specification, the algorithm extracts protocol-relevant information and analyses the protocol format, builds the protocol state machine and a finite-state-machine-based protocol rule tree, and uses marks on the state transition paths to reduce the number of fuzz test cases.
The session management module is divided into two layers, a base layer and a protocol layer. The base layer contains the basic session classes; the protocol layer defines a corresponding state machine for each protocol and generates the corresponding session process from that state machine.
The monitor is divided into three monitoring tools, a process monitor, a network monitor and a virtual machine controller, which run on the same computer as the program under test, called the target machine.
Beneficial effects of the present invention:
The present invention is divided into four modules: data generation, session management, driver and monitor. The data generation module defines different data blocks for different protocols and at the same time mutates the raw data with a rule-tree-based algorithm, which simplifies the work of the framework user; the session management module encapsulates the state machines of different protocols, which solves the problem that conventional frameworks test the protocol state transition process insufficiently and also makes the invention applicable to many different protocols.
Brief description of the drawings
Fig. 1 is a schematic diagram of state transition paths in the background technology;
Fig. 2 is the architecture diagram of the fuzz testing system for a stateful network protocol of the present invention;
Fig. 3 is a block diagram of the data generation module of the present invention;
Fig. 4 is a block diagram of the session management module of the present invention;
Fig. 5 is a protocol state transition diagram in a specific embodiment of the invention;
Fig. 6 is a schematic diagram of a session process in a specific embodiment of the invention;
Fig. 7 is a block diagram of the monitor module of the present invention.
Detailed description
The present invention is described in detail below using SulleyEX, a network protocol fuzz testing framework based on finite state machines, as an example.
SulleyEX addresses the shortcomings of existing tools in testing the state transitions of stateful protocols and, based on the characteristics of stateful network protocols, proposes a fuzz testing framework built on finite state machines. SulleyEX is divided into a testing part and an auxiliary part: the testing part consists mainly of the data generation module and the session management module, and the auxiliary part consists mainly of the monitor and the driver module, as shown in Fig. 2.
1. Data generation module
The data generation module stores raw data samples, mutates the raw data with a rule-tree-based algorithm and generates fuzz test cases. It first obtains a raw data sample and then represents it, according to the protocol's request format, as a request. A request is a data unit within one state transition test; it may contain several data atoms, such as integers, floating-point numbers and strings, and may also contain complex data structures such as data blocks and data groups. The ordered arrangement of one or more requests forms one fuzz test case (see Fig. 3).
The data generation module is divided into three layers: a primitive layer, an extension layer and a generation layer. The primitive layer provides the primitive data types, including basic types such as integers, floating-point numbers and characters. The extension layer integrates the basic data types provided by the primitive layer and provides different block data structures for different protocols, making it convenient for users to define raw data; this is similar to the struct type in object-oriented languages. A block data structure begins with s_block_start() and ends with s_block_end().
The generation layer generates test cases with a partially-valid fuzz test case generation algorithm based on the network protocol state machine: according to the protocol specification, the algorithm extracts protocol-relevant information and analyses the protocol format, builds the protocol state machine and a finite-state-machine-based protocol rule tree, and uses marks on the state transition paths to reduce the number of fuzz test cases.
2. Session management module
The session management module connects the one or more requests defined in a test case into a directed acyclic graph. Each graph has at least one starting point, each node in the graph represents one request, and a branch in the graph represents several possible subsequent requests after a request, so that one path through the graph is one fuzz testing process. In this way a complex protocol can be decomposed into several independent request processes, and by using the transition diagram of the protocol's finite state machine all state transition paths of the protocol can be generated and fuzz testing performed for each path. All paths can thus be covered completely, giving complete test coverage (see Fig. 4).
The session management module is divided into two layers, a base layer and a protocol layer. The base layer contains some basic session classes, such as a connection class that connects to the server, a target class that describes the test target, and a handler class that handles exceptions. The protocol layer defines a corresponding state machine for each protocol, such as SMTP, SIP and FTP, and generates the corresponding session process from the state machine. Suppose the state transition process of some stateful protocol is as shown in Fig. 5, and one state transition path, say S1 → S2 → S4, is chosen. Each state transition on this path (for example S1 → S2) is a Request. During testing, the data generation module mutates the format or content of the Request to generate several Requests; because each mutation of a Request corresponds to exactly one Session, the transition S1 → S2 has several session processes during testing (see Fig. 6).
3. Monitor module
The monitor module and the driver module form the auxiliary part of the framework. The driver module mainly communicates with the target server under test, sending test requests and receiving server response messages. The monitor module is divided into three monitoring tools: a process monitor, a network monitor and a virtual machine controller (see Fig. 7). These monitors must run on the same computer as the program under test, which is called the target machine, whereas the data generation, session management and driver parts may run on another computer, called the test machine.
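The path enumeration and one-mutation-per-session scheme described above, as an added example (not code from the patent or from SulleyEX): the toy S1..S4 state machine, the SMTP-like requests, the mutators and the rule that a transition already fuzzed on an earlier path is marked and skipped (my reading of the page's "marks on state transition paths") are all constructed assumptions.

```python
"""Path enumeration and session generation for stateful-protocol fuzzing.

Added example, not the patent's or SulleyEX's code. The state machine,
the requests, the mutators and the transition-marking rule are assumptions.
"""
from typing import Dict, List, Set, Tuple

State = str
Transition = Tuple[State, State]

# Constructed toy protocol shaped like the page's S1 -> S2 -> S4 example,
# with one valid Request per transition (SMTP-like text, purely illustrative).
TRANSITIONS: Dict[Transition, bytes] = {
    ("S1", "S2"): b"HELO client.example\r\n",
    ("S2", "S3"): b"MAIL FROM:<alice@example>\r\n",
    ("S3", "S4"): b"RCPT TO:<bob@example>\r\n",
    ("S2", "S4"): b"RSET\r\n",
}
START_STATES: Set[State] = {"S1"}


def successors(state: State, transitions=TRANSITIONS) -> List[State]:
    return sorted(dst for (src, dst) in transitions if src == state)


def all_paths(transitions=TRANSITIONS, start_states=START_STATES):
    """Enumerate every start-to-sink path of the transition graph.

    Each path is one state-transition test. The graph must be acyclic (the
    page's precondition), so a revisited state raises instead of looping.
    """
    paths: List[Tuple[State, ...]] = []

    def walk(path: List[State]) -> None:
        nxt = successors(path[-1], transitions)
        if not nxt:
            paths.append(tuple(path))
            return
        for s in nxt:
            if s in path:
                raise ValueError(f"cycle through {s}: graph is not a DAG")
            walk(path + [s])

    for s in sorted(start_states):
        walk([s])
    return paths


def mutate(request: bytes) -> List[bytes]:
    """A few format/content mutations of one Request (constructed, small)."""
    verb, _, rest = request.rstrip(b"\r\n").partition(b" ")
    return [
        request.rstrip(b"\r\n"),                              # no terminator
        verb + b" " + b"A" * 4096 + b"\r\n",                  # oversized arg
        verb + b" " + rest.replace(b"<", b"<\x00") + b"\r\n",  # embedded NUL
        verb.lower() + b" " + rest + b"\r\n",                 # verb case
    ]


def build_sessions(paths, transitions=TRANSITIONS, reuse_marks: bool = True):
    """One Session per (path, transition under test, mutation).

    A session replays the valid Requests of the path prefix and then sends a
    single mutated Request for the transition under test. With reuse_marks,
    a transition already fuzzed on an earlier path is marked and skipped;
    that is how path marks shrink the test-case count.
    """
    fuzzed: Set[Transition] = set()
    sessions = []
    for path in paths:
        edges = list(zip(path, path[1:]))
        for i, edge in enumerate(edges):
            if reuse_marks and edge in fuzzed:
                continue
            fuzzed.add(edge)
            prefix = [transitions[e] for e in edges[:i]]
            for m in mutate(transitions[edge]):
                sessions.append({"path": path, "transition": edge,
                                 "messages": prefix + [m]})
    return sessions


if __name__ == "__main__":
    ps = all_paths()
    print("paths:", ps)
    print("sessions with marks:", len(build_sessions(ps)))         # 16
    print("sessions without marks:", len(build_sessions(ps, reuse_marks=False)))  # 20
```

The shared prefix S1 → S2 is fuzzed once rather than once per path, which is the saving the marks buy; the driver module would send each session's messages in order and the monitor would watch the target during the final, mutated one.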

Claims (5)

1. A fuzz testing system for a stateful network protocol, characterized in that it comprises a data generation module, a session management module, a monitor and a driver module, wherein:
the data generation module stores raw data samples and applies a rule-tree-based algorithm to mutate the raw data into fuzz test cases; the data generation module first obtains a raw data sample and then represents it, according to the protocol's request format, as a request;
the session management module connects the one or more requests defined in a fuzz test case into a directed acyclic graph; each graph has at least one starting point, each node represents one request, and a branch represents several possible subsequent requests after a request, so that one path is one fuzz testing process; a complex protocol is thus decomposed into several independent request processes, and the transition diagram of the protocol's finite state machine is used to generate all of the protocol's state transition paths, after which fuzz testing is performed for each path;
the monitor comprises a process monitor and a network monitor; the process monitor detects whether the program under test has faulted, and if a fuzz test case causes the process to raise an exception or crash, the process monitor sends an exception alert; the network monitor is responsible for monitoring network communication and records the communication process in a corresponding file so that faults can be examined conveniently;
the driver module communicates with the target server under test, sending test requests and receiving server response messages.
2. The fuzz testing system for a stateful network protocol of claim 1, characterized in that a request is a data unit within one state transition test and may contain several data atoms or other complex data structures; the ordered arrangement of one or more requests forms one fuzz test case.
3. The fuzz testing system for a stateful network protocol of claim 1 or 2, characterized in that the data generation module is divided into three layers: a primitive layer, an extension layer and a generation layer; the primitive layer provides the primitive data types, including the basic types integer, floating-point number and character; the extension layer integrates the basic data types provided by the primitive layer and provides different block data structures for different protocols, making it convenient for users to define raw data; the generation layer generates test cases with a partially-valid fuzz test case generation algorithm based on the network protocol state machine, which, according to the protocol specification, extracts protocol-relevant information and analyses the protocol format, builds the protocol state machine and a finite-state-machine-based protocol rule tree, and uses marks on the state transition paths to reduce the number of fuzz test cases.
4. The fuzz testing system for a stateful network protocol of claim 1 or 2, characterized in that the session management module is divided into two layers, a base layer and a protocol layer; the base layer contains the basic session classes; the protocol layer defines a corresponding state machine for each protocol and generates the corresponding session process from that state machine.
5. The fuzz testing system for a stateful network protocol of claim 1 or 2, characterized in that the monitor is divided into three monitoring tools, a process monitor, a network monitor and a virtual machine controller, which run on the same computer as the program under test, called the target machine.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510219969.2A CN104796240B (en) 2015-04-30 2015-04-30 Fuzz testing system for a stateful network protocol

Publications (2)

Publication Number Publication Date
CN104796240A true CN104796240A (en) 2015-07-22
CN104796240B CN104796240B (en) 2018-06-05

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105763392A (en) * 2016-02-19 2016-07-13 中国人民解放军理工大学 Industrial control protocol fuzzing test method based on protocol state
CN106484611A (en) * 2015-09-02 2017-03-08 腾讯科技(深圳)有限公司 Fuzz testing method and apparatus based on automation protocol adaptation
CN107046526A (en) * 2016-12-28 2017-08-15 北京邮电大学 Distributed heterogeneous network hole method for digging based on Fuzzing algorithms
CN109347696A (en) * 2018-09-30 2019-02-15 中国人民解放军国防科技大学 Network protocol fuzzy test method based on hierarchical variation
CN109525457A (en) * 2018-11-14 2019-03-26 中国人民解放军陆军工程大学 A kind of network protocol fuzz testing method based on state transition traversal
CN110661778A (en) * 2019-08-14 2020-01-07 中国电力科学研究院有限公司 Method and system for testing industrial control network protocol based on reverse analysis fuzzy
CN111628900A (en) * 2019-02-28 2020-09-04 西门子股份公司 Fuzzy test method and device based on network protocol and computer readable medium
CN112905493A (en) * 2021-04-07 2021-06-04 南京大学 Structured fuzzy test method based on conversion test
CN113709126A (en) * 2021-08-18 2021-11-26 深圳开源互联网安全技术有限公司 Network protocol security fuzzy test method, device, equipment and storage medium
CN113760753A (en) * 2021-08-19 2021-12-07 东北大学 QUIC protocol testing method based on gray box fuzzy technology
US11397664B2 (en) 2019-11-11 2022-07-26 Institute For Information Industry System and method for producing test data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7310606B2 (en) * 2006-05-12 2007-12-18 Harris Corporation Method and system for generating an image-textured digital surface model (DSM) for a geographical area of interest
CN102087631A (en) * 2011-03-09 2011-06-08 中国人民解放军国发科学技术大学 Method for realizing fuzzing of software on the basis of state protocol
CN104142888A (en) * 2014-07-14 2014-11-12 北京理工大学 Regularization state machine model design method with stateful protocol

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant