CN104796240B - A fuzz testing system for stateful network protocols - Google Patents


Info

Publication number: CN104796240B
Authority: CN (China)
Prior art keywords: fuzz testing, protocol, data, request, stateful
Legal status: Active
Application number: CN201510219969.2A
Other languages: Chinese (zh)
Other versions: CN104796240A
Inventors: 胡昌振, 马锐, 郭林楠, 单纯, 王达光
Current assignee: Beijing Institute of Technology BIT
Original assignee: Beijing Institute of Technology BIT

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 1/00 Arrangements for detecting or preventing errors in the information received
    • H04L 1/24 Testing correct operation

Abstract

The present invention provides a fuzz testing system for stateful network protocols, addressing the lack of support for complex, stateful protocols in conventional network protocol fuzz testing frameworks. The system comprises a data generation module, a session management module, a monitor, and a drive module. The data generation module stores the initial data samples and fuzzes the initial data with a rule-tree-based algorithm to generate fuzz test cases. The session management module connects the one or more requests defined in a fuzz test case into a directed acyclic graph and then performs fuzz testing along each path. The monitor comprises a process monitor and a network monitor. The drive module communicates with the target server, sending test requests and receiving the server's response messages.

Description

A fuzz testing system for stateful network protocols
Technical field
The present invention relates to a fuzz testing system for stateful network protocols and belongs to the field of fuzz testing.
Background art
Explanation of terms:
Fuzz testing: Fuzz testing is a black-box testing technique that is receiving increasing attention in security testing. Its principle is to feed large quantities of malformed data into the target program and to discover security vulnerabilities that may exist in the program by monitoring it for abnormal behaviour. It is typically an automated or semi-automated process.
Network protocol fuzz testing: A network protocol is the set of rules that peer entities in a computer network must follow when exchanging information. Network protocol fuzz testing requires identifying the interfaces of the protocol that can be attacked, generating fuzzed values or packets that contain errors, passing those fuzzed values to the target application, and monitoring the target application for faults.
Stateful network protocol: After receiving a request from a client, the server returns a corresponding response; the state of the protocol means that the response to the next request is influenced by the current request. A stateful protocol requires the server to record its state after responding and to be able to restore that state for the next request.
Fuzz testing framework: A fuzz testing framework is a tool that can be used to fuzz different types of targets; it simplifies data representation for many different kinds of test targets. A standard fuzz testing framework generally comprises three parts: test case generation, network and disk transfer, and a scripting language.
Fuzz testing is an effective method for discovering security vulnerabilities and is receiving increasing attention in security testing. Its principle is to feed large quantities of malformed data into the target program and to discover vulnerabilities that may exist in the program by monitoring it for abnormal behaviour. Among fuzz testing targets, network protocols are the area of greatest interest to security researchers, not only because the vulnerabilities found are usually of a higher level of severity, but also because network protocols are widely used in Internet communication, so that once a vulnerability is found the scope of compromise is very wide.
Compared with other forms of software testing, the core value of fuzz testing lies largely in turning what can be tested by hand into automated testing. Producing individual test cases is laborious and tedious, and some parts of that work are very well suited to being generated automatically by a computer. The core strength of a fuzzer is its ability to generate useful test data automatically with minimal manual intervention.
A fuzz testing framework is a tool that can be used to fuzz different types of targets; it simplifies data representation for many different kinds of test targets. Among the three parts of a standard fuzz testing framework are a library of methods that can trigger vulnerabilities, used to generate fuzz test cases, and a set of routines that simplify disk input/output and network transmission. Several mature fuzz testing frameworks currently exist, such as SPIKE, Peach, antiparser and Dfuz, but each has obvious defects: SPIKE only runs on Linux and lacks support for the Windows platform; Peach's description requirements for application scenarios are excessively strict and cumbersome; antiparser can only perform simple fuzz tests and cannot handle complex situations; Dfuz likewise lacks support for Windows and also lacks intelligence. At the same time, none of these frameworks can test the state transition process of a stateful protocol: for the transitions of Fig. 1 they can only test states A, B, C and D separately, not the sequences A-B-C or A-C-D. That is, although existing network protocol fuzz testing frameworks can find vulnerabilities in protocol implementations, they lack support for complex, stateful protocols; their test scripts cannot cover the entire state sequence of a message sequence, and the coverage of protocol fuzz testing is not sufficiently complete.
Summary of the invention
The present invention provides a fuzz testing system for stateful network protocols, which solves the problem that conventional network protocol fuzz testing frameworks lack support for complex, stateful protocols, and the problem that the test scripts generated by such frameworks cannot cover the entire state sequence of a message sequence, so that the coverage of protocol fuzz testing is not sufficiently complete.
The invention is realized by the following technical scheme:
A fuzz testing system for stateful network protocols comprises a data generation module, a session management module, a monitor, and a drive module, wherein:
The data generation module stores initial data samples and fuzzes the initial data using a rule-tree-based algorithm to generate fuzz test cases. The data generation module first obtains an initial data sample and then represents it as a request according to the protocol's request format.
The session management module connects the one or more requests defined in a fuzz test case into a directed acyclic graph. Each graph has at least one starting point; each node represents one request; a branch represents the many possible subsequent requests after a request; and one path is one fuzz testing process. A complex protocol is decomposed into multiple individual request processes and, at the same time, all state transition paths of the protocol are generated from the transition diagram of the protocol's finite state machine, after which fuzz testing is carried out for each path.
The monitor comprises a process monitor and a network monitor. The process monitor detects whether the program under test exhibits an error: if a fuzz test case triggers a process exception or crash, the process monitor sends an exception notification. The network monitor is responsible for monitoring network communication and records the communication process in a corresponding file, which makes it easier to check for errors.
The drive module communicates with the target server, sending test requests and receiving the server's response messages.
Herein a request is a data unit in a state transition test and comprises multiple data atoms or other complex data structures; an ordered sequence of one or more requests constitutes one fuzz test case.
The data generation module is divided into three layers: an original layer, an extension layer, and a generation layer. The original layer holds the original data types, including basic data types such as integers, floating-point numbers and characters. The extension layer integrates the basic data types provided by the original layer and provides different block data structures for different protocols, making it convenient for the user to define initial data. The generation layer generates test cases using a fuzz test case generation algorithm that partially formalizes the network protocol on the basis of a state machine; the algorithm extracts the relevant protocol information and analyzes the protocol format according to the protocol specification, builds the protocol state machine and a protocol rule tree based on that finite state machine, and reduces the scale of the fuzz test cases by marking state transition paths.
The session management module is divided into two layers, a base layer and a protocol layer. The base layer provides basic session classes; the protocol layer defines a corresponding state machine for each protocol and generates the corresponding session process from that state machine.
The monitor is divided into three monitoring tools: a process monitor, a network monitor, and a virtual machine controller. They run on the same computer as the program under test, referred to as the machine under test.
Beneficial effects of the present invention:
The present invention is divided into four modules: data generation, session management, drive, and monitor. The data generation module defines different data blocks according to different protocols and fuzzes the initial data with a rule-tree-based algorithm, simplifying the work of the framework's user. The session management module encapsulates the state machines of different protocols, which both solves the problem that conventional frameworks test the protocol state transition process insufficiently and makes the invention applicable to many different protocols.
Description of the drawings
Fig. 1 is a schematic diagram of the state transition paths referred to in the background art;
Fig. 2 is the architecture diagram of the fuzz testing system for stateful network protocols of the present invention;
Fig. 3 is the structure diagram of the data generation module of the present invention;
Fig. 4 is the structure diagram of the session management module of the present invention;
Fig. 5 is the protocol state transition diagram of the specific embodiment of the invention;
Fig. 6 is a schematic diagram of the session process in the specific embodiment of the invention;
Fig. 7 is the structure diagram of the monitor module of the present invention.
Specific embodiment
The present invention is described in detail below using SulleyEX, a network protocol fuzz testing framework based on a finite state machine.
SulleyEX addresses the shortcomings of existing tools in testing the state transitions of stateful protocols and, based on the characteristics of stateful network protocols, proposes a fuzz testing framework built on a finite state machine. SulleyEX is broadly divided into a testing part and an auxiliary part: the testing part mainly consists of the data generation module and the session management module, and the auxiliary part mainly consists of the monitor and the drive module, as shown in Fig. 2.
1. Data generation module
The data generation module stores the initial data samples, fuzzes the initial data with a rule-tree-based algorithm, and generates fuzz test cases. It first obtains an initial data sample and then represents it as a request according to the protocol's request format. A request is a data unit in a state transition test; it may include multiple data atoms, such as integers, floating-point numbers and strings, and may also include complex data structures such as data blocks and data groups. An ordered sequence of one or more requests constitutes one fuzz test case (see Fig. 3).
The data generation module is divided into three layers: an original layer, an extension layer, and a generation layer. The original layer holds the original data types, including basic data types such as integers, floating-point numbers and characters. The extension layer integrates the basic data types provided by the original layer and provides different block data structures for different protocols, making it convenient for the user to define initial data; the block structure is similar to a struct type in an object-oriented language. A block data structure starts with s_block_start() and ends with s_block_end().
The generation layer generates test cases using a fuzz test case generation algorithm that partially formalizes the network protocol on the basis of a state machine. The algorithm extracts the relevant protocol information and analyzes the protocol format according to the protocol specification, builds the protocol state machine and a protocol rule tree based on that finite state machine, and reduces the scale of the fuzz test cases by marking state transition paths.
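The three layers above, as an added Python example that is not code from the patent or from Sulley/SulleyEX: typed atoms with their fuzz rules stand in for the original layer, a Block class plays the role of the text's s_block_start()/s_block_end() pair in the extension layer, and the generation layer walks the rule tree one leaf at a time. The SMTP MAIL FROM sample, the rule value lists and all class and function names are constructed assumptions.

```python
# Added example, not code from the patent or from Sulley/SulleyEX.
# Original layer: typed atoms; each carries its sample value and its fuzz rule.
class Atom:
    def __init__(self, name, value, rule=()):
        self.name, self.value, self.rule = name, value, list(rule)

    def render(self, value=None):
        v = self.value if value is None else value
        return v if isinstance(v, bytes) else str(v).encode()

# Rule values per basic type (constructed; a real rule tree carries far more).
INT_RULE = [0, -1, 2**31 - 1, 2**32, -2**31]
FLOAT_RULE = [0.0, -1.0, 1e308, float("nan")]   # defined for the float atom type
STR_RULE = [b"", b"A" * 4096, b"%s%n%x", b"\x00", b"\r\n" * 64]

# Extension layer: a protocol-specific block, the equivalent of the text's
# s_block_start() ... s_block_end() pair; blocks may nest.
class Block:
    def __init__(self, name, children):
        self.name, self.children = name, list(children)

    def leaves(self, prefix=""):
        """Flatten the rule tree into (path, atom) pairs, depth first."""
        p = f"{prefix}{self.name}."
        for c in self.children:
            if isinstance(c, Block):
                yield from c.leaves(p)
            else:
                yield p + c.name, c

    def render(self, overrides=None, prefix=""):
        """Serialise the block; `overrides` maps a leaf path to a fuzz value."""
        overrides = overrides or {}
        p = f"{prefix}{self.name}."
        out = b""
        for c in self.children:
            if isinstance(c, Block):
                out += c.render(overrides, p)
            else:
                out += c.render(overrides.get(p + c.name))
        return out

# Generation layer: walk the rule tree leaf by leaf. Each rule value of one
# atom, with every other atom at its sample value, is one fuzz test case.
def generate_cases(request):
    cases = []
    for path, atom in request.leaves():
        for v in atom.rule:
            cases.append((path, request.render({path: v})))
    return cases

# Constructed initial data sample: an SMTP MAIL FROM command expressed as a
# request of the framework. Keywords carry no rule and therefore stay fixed.
MAIL_FROM = Block("mail", [
    Atom("verb", b"MAIL FROM:"),
    Block("addr", [
        Atom("lt", b"<"),
        Atom("user", b"alice", STR_RULE),
        Atom("at", b"@"),
        Atom("host", b"example.com", STR_RULE),
        Atom("gt", b">"),
    ]),
    Atom("size_kw", b" SIZE="),
    Atom("size", 1024, INT_RULE),
    Atom("crlf", b"\r\n"),
])

if __name__ == "__main__":
    print(MAIL_FROM.render())
    for path, data in generate_cases(MAIL_FROM)[:3]:
        print(path, data[:40])
```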
2. Session management module
The job of the session management module is to connect the one or more requests defined in a test case into a directed acyclic graph. Each graph has at least one starting point, each node in the graph represents one request, and a branch in the graph represents the many possible subsequent requests after a request. One path in the graph is one fuzz testing process. In this way a complex protocol can be decomposed into multiple individual request processes and, using the transition diagram of the protocol's finite state machine, all state transition paths of the protocol can be generated, after which fuzz testing is performed for each path. This method covers all paths completely and so provides complete test coverage (see Fig. 4).
The session management module is divided into two layers, a base layer and a protocol layer. The base layer contains basic session classes, such as connection classes for connecting to the server, target classes describing the test target, and handler classes for handling exceptions. The protocol layer defines a corresponding state machine for each protocol, such as SMTP, SIP or FTP, and generates the corresponding session process from that state machine. Suppose the state transition process of some stateful protocol is as shown in Fig. 5. Choose one of its state transition paths, say S1 → S2 → S4; each state transition on that path (for example S1 → S2) is a Request. During testing, the data generation module fuzzes the format or content of the Request and produces multiple Requests; since each mutated Request corresponds to one Session, the transition S1 → S2 gives rise to multiple session processes during testing (see Fig. 6).
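The session management process just described, as an added Python example that is not SulleyEX code: the transition diagram is a constructed stand-in for Fig. 5 that keeps the page's S1 → S2 → S4 path, every path through the DAG is enumerated, and each mutated Request yields one Session in which the earlier transitions are driven with valid requests. The marking step that skips a transition already fuzzed on an earlier path is one reading of the text's path marks that reduce test case scale and is an assumption, as are the request names and variant lists.

```python
# Added example, not SulleyEX code. The transition diagram and the request
# variants are constructed; only the path S1 -> S2 -> S4 comes from the text.
TRANSITIONS = {
    "S1": [("S2", "LOGIN"), ("S3", "ANON")],
    "S2": [("S4", "FETCH"), ("S5", "QUIT")],
    "S3": [("S4", "FETCH")],
    "S4": [("S5", "QUIT")],
    "S5": [],                                  # terminal state
}

# Valid form of each Request (used only to drive the server into a state)
# and the mutated forms the data generation module would hand over.
VALID = {"LOGIN": b"LOGIN alice", "ANON": b"ANON", "FETCH": b"FETCH 1", "QUIT": b"QUIT"}
VARIANTS = {
    "LOGIN": [b"LOGIN " + b"A" * 1024, b"LOGIN \x00", b"LOGIN %n"],
    "ANON":  [b"ANON " + b"\xff" * 64],
    "FETCH": [b"FETCH -1", b"FETCH 99999999999"],
    "QUIT":  [b"QUIT QUIT QUIT", b""],
}

def all_paths(transitions, start):
    """Every path from `start` to a terminal state, as a list of edges
    (src, dst, request). The session manager needs a DAG, so a revisited
    state is reported as an error instead of walked forever."""
    paths = []

    def walk(state, path, seen):
        if state in seen:
            raise ValueError(f"cycle through {state}: transition graph is not a DAG")
        if not transitions[state]:
            paths.append(list(path))
            return
        for nxt, req in transitions[state]:
            path.append((state, nxt, req))
            walk(nxt, path, seen | {state})
            path.pop()

    walk(start, [], frozenset())
    return paths

def is_dag(transitions, start):
    try:
        all_paths(transitions, start)
        return True
    except ValueError:
        return False

def sessions_for_edge(path, i, valid, variants):
    """One Session per mutated Request for edge i of `path`: the earlier
    edges carry valid Requests so the server reaches the source state of
    the transition under test, then one mutated Request is sent."""
    src, dst, req = path[i]
    prefix = [(e[2], valid[e[2]]) for e in path[:i]]
    return [{"transition": f"{src}->{dst}", "steps": prefix + [(req, v)]}
            for v in variants[req]]

def plan_sessions(transitions, start, valid, variants, mark_paths=True):
    """Fuzz every transition of every path. With mark_paths, a transition
    already fuzzed on an earlier path is marked and skipped (an assumed
    reading of the text's path marks that reduce the test case scale)."""
    marked, sessions = set(), []
    for path in all_paths(transitions, start):
        for i, (src, dst, _) in enumerate(path):
            if mark_paths and (src, dst) in marked:
                continue
            marked.add((src, dst))
            sessions.extend(sessions_for_edge(path, i, valid, variants))
    return sessions

if __name__ == "__main__":
    for p in all_paths(TRANSITIONS, "S1"):
        print(" -> ".join([p[0][0]] + [e[1] for e in p]))
    for s in plan_sessions(TRANSITIONS, "S1", VALID, VARIANTS):
        print(s["transition"], s["steps"])
```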
3. Monitor module
The monitor module and the drive module constitute the auxiliary part of the framework. The drive module mainly communicates with the target server, sending test requests and receiving the server's response messages. The monitor module is divided into three monitoring tools: a process monitor, a network monitor, and a virtual machine controller (see Fig. 7). These monitors must run on the same computer as the program under test, referred to as the machine under test, whereas data generation, session management and the drive part may run on another computer, referred to as the test machine.

Claims (4)

1. A fuzz testing system for stateful network protocols, characterized in that it comprises a data generation module, a session management module, a monitor, and a drive module, wherein:
the data generation module stores initial data samples and fuzzes the initial data using a rule-tree-based algorithm to generate fuzz test cases; the data generation module first obtains an initial data sample and then represents it as a request according to the protocol's request format;
the session management module is divided into two layers, a base layer and a protocol layer; the base layer provides basic session classes; the protocol layer defines a corresponding state machine for each protocol and generates the corresponding session process from that state machine; the session management module connects the one or more requests defined in a fuzz test case into a directed acyclic graph, each graph having at least one starting point, each node representing one request, a branch representing the many possible subsequent requests after a request, and one path being one fuzz testing process; a complex protocol is decomposed into multiple individual request processes and, at the same time, all state transition paths of the protocol are generated from the transition diagram of the protocol's finite state machine, after which fuzz testing is carried out for each path;
the monitor comprises a process monitor and a network monitor; the process monitor detects whether the program under test exhibits an error, and if a fuzz test case triggers a process exception or crash, the process monitor sends an exception notification; the network monitor is responsible for monitoring network communication and records the communication process in a corresponding file, which makes it easier to check for errors;
the drive module communicates with the target server, sending test requests and receiving the server's response messages.
2. The fuzz testing system for stateful network protocols of claim 1, characterized in that the request is a data unit in a state transition test and comprises multiple data atoms or other complex data structures; an ordered sequence of one or more requests constitutes one fuzz test case.
3. The fuzz testing system for stateful network protocols of claim 1 or 2, characterized in that the data generation module is divided into three layers: an original layer, an extension layer, and a generation layer; the original layer holds the original data types, including basic data types such as integers, floating-point numbers and characters; the extension layer integrates the basic data types provided by the original layer and provides different block data structures for different protocols, making it convenient for the user to define initial data; the generation layer generates test cases using a fuzz test case generation algorithm that partially formalizes the network protocol on the basis of a state machine, the algorithm extracting the relevant protocol information and analyzing the protocol format according to the protocol specification, building the protocol state machine and a protocol rule tree based on that finite state machine, and reducing the scale of the fuzz test cases by marking state transition paths.
4. The fuzz testing system for stateful network protocols of claim 1 or 2, characterized in that the monitor is divided into three monitoring tools: a process monitor, a network monitor, and a virtual machine controller, which run on the same computer as the program under test, referred to as the machine under test.

Application CN201510219969.2A, priority date 2015-04-30, filing date 2015-04-30, granted as CN104796240B (Active).


Publications (2)

Publication Number Publication Date
CN104796240A (en) 2015-07-22
CN104796240B (en) 2018-06-05
