CN105447389A - Vulnerability location and rapid reproduction based on Peach platform - Google Patents


Info

Publication number: CN105447389A
Application number: CN201510771773.4A
Authority: CN (China)
Prior art keywords: peach, leak, location, platform, vulnerability
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 张华�, 李文敏, 张典波, 高飞, 殷伟, 温巧燕
Current assignee: Beijing University of Posts and Telecommunications
Original assignee: Beijing University of Posts and Telecommunications
Priority date: 2015-11-11
Filing date: 2015-11-11
Publication date: 2016-03-30

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The present invention discloses a vulnerability location and rapid reproduction method based on the Peach platform. The method comprises: describing the operating mechanism of the Peach platform (3.0.202) and the detection principle of the Monitor; adding vulnerability location and rapid reproduction functions on top of the original functions; and elaborating the details of extending the Peach source code. While a target is being fuzzed, the Monitor continuously checks the target's operating state, and as soon as an abnormality occurs the console outputs the abnormal state information; in order to determine more quickly and accurately the position of the malformed packet that caused the target's abnormality, a location algorithm module is added, implementing the vulnerability location function; and the "--range M,N" command (where N >= M) can be called so that a specified malformed data message is sent directly to the target as a directed test, implementing rapid reproduction of the vulnerability. The vulnerability location and rapid reproduction method based on the Peach platform provided by the present invention implements vulnerability location and rapid reproduction simply and effectively, making it easy to operate.

Description

Vulnerability location and rapid reproduction based on the Peach platform
Technical field
The present invention relates to the field of computer technology, and in particular to fuzz testing in vulnerability discovery: a method that adds vulnerability location and rapid reproduction to the Peach fuzz testing platform.
Background art
The flourishing of the software industry is a main reason why information-based applications have become so rich, but it has also brought a surge in the number of software vulnerabilities. In recent years, major information-security incidents caused by the malicious exploitation of software vulnerabilities have become more and more frequent; discovering the vulnerabilities of a device or piece of software in advance therefore does much to reduce the harm caused by vulnerabilities and to lower the operating cost of information systems. Using fuzz testing for vulnerability discovery is a strategy now widely adopted in industry.
Open-source fuzz testing frameworks currently usable for vulnerability discovery include, as representative tools, SPIKE, AutoDafe, GPF and Peach. SPIKE is written in C and provides an API for quickly and effectively developing network protocol fuzzers, but lacks support for Microsoft Windows. AutoDafe can be described as a successor of SPIKE; it is used to fuzz network protocols and file formats, but likewise lacks Microsoft Windows support, which may limit some applications of the framework. GPF is designed as a general-purpose fuzzer; unlike SPIKE it can generate an unlimited number of mutations, but because of its complexity the learning curve required to master GPF is very long. Peach is arguably the most flexible fuzz testing framework and facilitates code reuse to the greatest extent.
Peach is a fuzz testing framework released under the MIT open-source licence; compared with the other available fuzz testing frameworks it is the most flexible and facilitates code reuse to the full extent. The Peach framework lets a researcher focus on the individual parts of a given target and then combine them into a complete fuzzer. Throughout a test, Peach keeps control of the device or software under test by interacting with a Monitor, and receives information about the current state of the device or software. The user must specify which process Peach's Monitor should control (start/stop) and which program it should observe. After each iteration, Peach asks the Monitor whether an error (typically a program crash) has occurred. If Peach receives an affirmative reply, for example that a program has crashed, it asks the Monitor to send the visible information relating to the error. To meet Peach's requirements, a Monitor has to implement the specific methods for obtaining this information.
The starting point of the present invention is to add vulnerability location and rapid reproduction to Peach. During testing, the running state of the device or software under test is observed by the Monitor; when an error is observed, a locating module is called to determine which data message caused the device or software to become abnormal, and once it has been located, the "--range M,N" command (where N >= M) is called to send the specified malformed packet directly to the device or software as a directed test, thereby providing rapid reproduction of the vulnerability.
Summary of the invention
In view of this, the present invention provides a method that supports vulnerability location and rapid reproduction on the Peach platform, to solve the problem that, when a device or software anomaly is discovered during testing, either the device has to be restored to a normal state and re-tested, or test cases have to be tried manually one at a time, which wastes a great deal of time and manpower. Applying the locating module algorithm of the present invention, Peach can quickly and accurately locate the position of the malformed packet, greatly improving work efficiency.
To solve the above problem, the invention provides a vulnerability location and rapid reproduction method based on the Peach platform, comprising: the operating mechanism of the Peach platform and the principle of Monitor detection; adding support to the Monitor module so that Peach can call the locating module during testing; and, on finding that the device or software under test has become abnormal, directly starting the locating module to determine the malformed packet that triggered the anomaly, then using that malformed packet's message to rapidly reproduce the abnormal condition.
The locating module's algorithm is based on the idea of backtracking: starting from the current value N of the iterator, it backtracks in groups of 10 test cases, running group by group, until it accurately locates the position of the malformed packet that triggers the vulnerability.
The iterator value returned by the locating module can be invoked directly to reproduce the vulnerability rapidly. The concrete form is "--range iterator,iterator+X" (where X = 0, 1, 2, ...): when the vulnerability is triggered by a single malformed packet, X = 0; when the vulnerability is triggered by X+1 consecutive malformed packets, several packets are run and X is a positive integer greater than 0.
In discussing how the locating module is called, the patent describes the mechanism by which Peach internally defines and calls a Monitor. According to the concrete requirements of the test (how many test cases are run between checks of the device or software under test, how long to wait for the device or software to respond), the tester can flexibly implement a more efficient working mode by defining a custom Monitor instead of being bound to the default values of the original Monitor.
While providing vulnerability location and rapid reproduction on the Peach platform, the method of the present invention also improves the efficiency of discovering vulnerabilities in the device or software under test. The method is simple and effective, and easy to implement and operate.
Brief description of the drawings
The drawings described here are provided to give a further understanding of the present invention and form part of this application; the illustrative embodiments of the invention and their description serve to explain the invention and do not improperly limit it. In the drawings:
Fig. 1 shows the working structure of the Monitor in the Peach platform test process;
Fig. 2 is a schematic diagram of implementing the present invention;
Fig. 3 shows the PitFile corresponding to the tested PDU.
Embodiments
To clearly illustrate the technical scheme of the present invention, a concrete implementation is given below: the mechanism by which Peach calls a custom Monitor; support for the locating module testing the device or software according to the set algorithm; and support for the "--range M,N" command to rapidly reproduce the vulnerability.
The monitor function in the Peach test process is implemented by subclasses of Monitor under the Agent directory of the source code. In the PitFile, a Monitor subclass is introduced under the <Agent> tag with <Monitor class="">, after which the corresponding Monitor can be called to perform detection. During testing, the Monitor obtains a response from the device or software under test by sending normal messages, thereby achieving the goal of monitoring. The tester can extend custom Monitors under the Monitor directory as required and use them after recompiling the source code, making Peach-based testing convenient and flexible.
While the locating module is working, the system can be made to test with a specified test case; we implement this with the --skipto parameter defined in Program.cs of the Peach Core Runtime.
After the locating module has obtained the position of the malformed packet that triggers the vulnerability, in order to rapidly reproduce the abnormal state of the device or software that the malformed packet causes, we pass the obtained value representing the packet's position to the "--range M,N" command and then run the test system, so that the vulnerability is reproduced rapidly. Depending on the needs of the test, after the vulnerability has been reproduced we can also perform a few simple operations to judge its severity. If the device works normally after being restarted, the vulnerability can be classified as general; if the device works normally only after the main power supply of the workstation is switched off and the device is powered on again, it can be classified as intermediate; if the device cannot recover and has to be returned to the factory for repair, it can be classified as advanced.
With the above extension, once a vulnerability is found during Peach platform testing it can be located automatically, accurately and quickly, and reproduced rapidly.
The working process of the present invention is:
First, write the corresponding PitFile according to the message format of the protocol supported by the device or software under test.
Second, start the Peach platform and fuzz the device or software under test. During testing, the Monitor observes the working state of the device or software under test in real time.
Third, if the Monitor observes that the device or software under test has entered an abnormal working state, call the locating module to locate the malformed packet that caused the device or software to become abnormal.
Finally, after the position of the malformed packet has been determined, the tester can call the "--range M,N" command to rapidly reproduce the abnormal state of the device or software.
As can be seen from the description above, the present invention adds automated test support for vulnerability location and rapid reproduction on top of Peach's original functions, so that with simple operations the tester can have the system locate vulnerabilities according to the set algorithm and reproduce them rapidly, discovering vulnerabilities efficiently and flexibly.
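The backtracking locating module (groups of 10 test cases counted back from the iterator value N, then "--range iterator,iterator+X" for replay) and the four-step working process above are easier to reason about in code. The following is an added simulation written for this page, not Peach's source or the patent's implementation: ToyTarget stands in for a device under test that faults only after X+1 specific consecutive packets, Monitor stands in for a Peach Monitor that polls the target only every few iterations (so the fault is reported later than the packet that caused it), and make_test_case stands in for a Sequential mutation strategy whose iteration i always yields the same bytes. The names and all sample values are constructed. It goes slightly beyond the text in one respect: each backtracking step replays the whole window [lo, N] rather than one isolated group of 10, so a trigger sequence that straddles a group boundary is still found, and the window is then shrunk from both ends to the minimal run.

```python
"""Simulation of the patent's locating module and '--range M,N' replay.
Constructed example: nothing here is Peach's own code."""
from dataclasses import dataclass
from typing import Optional, Tuple

GROUP_SIZE = 10  # the patent backtracks over the iterator in groups of 10 test cases


def make_test_case(iteration: int) -> bytes:
    """Stand-in for a Sequential mutation strategy: iteration i always yields
    the same bytes, so replaying a range reproduces the original traffic."""
    return b"PDU" + iteration.to_bytes(4, "big")


@dataclass
class ToyTarget:
    """Constructed device under test. It faults only after receiving the test
    cases of iterations trigger_first .. trigger_first+x consecutively in one
    session; x = 0 models a fault caused by a single malformed packet."""
    trigger_first: int
    x: int = 0
    crashed: bool = False
    _run: int = 0  # length of the current run of consecutive trigger cases

    def reset(self) -> None:
        """Restart the device (the 'restore to a normal state' step)."""
        self.crashed = False
        self._run = 0

    def send(self, case: bytes) -> None:
        if self.crashed:
            return  # a crashed target stays down until reset()
        iteration = int.from_bytes(case[3:], "big")  # decode the toy payload
        if iteration == self.trigger_first + self._run:
            self._run += 1
        elif iteration == self.trigger_first:
            self._run = 1
        else:
            self._run = 0
        if self._run == self.x + 1:
            self.crashed = True


@dataclass
class Monitor:
    """Stand-in for a Peach Monitor that checks the target every `interval`
    iterations, so a fault is reported up to interval-1 iterations late."""
    target: ToyTarget
    interval: int = 25

    def detected_fault(self, iteration: int) -> bool:
        return iteration % self.interval == 0 and self.target.crashed


def run_range(target: ToyTarget, first: int, last: int) -> bool:
    """Replay iterations first..last in one session after a reset; True if the
    target faulted. This is what the '--range M,N' command does."""
    target.reset()
    for i in range(first, last + 1):
        target.send(make_test_case(i))
    return target.crashed


def fuzz(target: ToyTarget, monitor: Monitor, max_iterations: int) -> Optional[int]:
    """Sequential fuzzing loop. Returns the iterator value N at which the
    Monitor first reported a fault, or None when every case passed (claim 3)."""
    target.reset()
    for i in range(1, max_iterations + 1):
        target.send(make_test_case(i))
        if monitor.detected_fault(i):
            return i
    return None


def locate(target: ToyTarget, n: int) -> Optional[Tuple[int, int]]:
    """Locating module: back off from iterator value n in GROUP_SIZE steps,
    replaying [lo, n] until the fault reproduces, then shrink the window from
    both ends to the minimal consecutive run. Returns (iterator, X) so that
    '--range iterator,iterator+X' replays exactly the triggering packets."""
    lo = max(1, n - GROUP_SIZE + 1)
    while not run_range(target, lo, n):
        if lo == 1:
            return None  # nothing in iterations 1..n reproduces the fault
        lo = max(1, lo - GROUP_SIZE)
    hi = n
    while lo < hi and run_range(target, lo + 1, hi):
        lo += 1  # drop leading cases that are not needed for the fault
    while hi > lo and run_range(target, lo, hi - 1):
        hi -= 1  # drop trailing cases that are not needed for the fault
    return lo, hi - lo


def range_command(iterator: int, x: int) -> str:
    """Build the replay command in the patent's form '--range iterator,iterator+X'."""
    return f"--range {iterator},{iterator + x}"


def reproduce(target: ToyTarget, command: str) -> bool:
    """Parse a '--range M,N' command (N >= M) and replay exactly those cases."""
    m, n = (int(v) for v in command.split()[1].split(","))
    if n < m:
        raise ValueError("--range requires N >= M")
    return run_range(target, m, n)


if __name__ == "__main__":
    # Fault needs packets 39, 40, 41 in a row; the Monitor polls every 25 iterations.
    dut = ToyTarget(trigger_first=39, x=2)
    n = fuzz(dut, Monitor(dut, interval=25), max_iterations=200)  # -> 50
    found = locate(dut, n)                                         # -> (39, 2)
    cmd = range_command(*found)                                    # -> '--range 39,41'
    print(n, found, cmd, reproduce(dut, cmd))
```

The example shows why backtracking is needed at all: a Monitor that checks only every 25 iterations reports the fault at N = 50 although the triggering packets were 39..41, and replaying the single iteration 50 would not reproduce anything. The shrink step also yields the X that the "--range iterator,iterator+X" form needs, which is 0 for a single-packet trigger and the number of extra consecutive packets otherwise.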

Claims (5)

1. A method for vulnerability location and rapid reproduction based on the Peach platform, characterized in that it comprises: the operating mechanism by which the Peach platform discovers vulnerabilities and the method of monitor detection; adding location of the malformed packet that triggers the vulnerability, whereby the locating module can automatically and quickly determine the position of the malformed packet; and, after the concrete malformed packet has been determined, rapidly reproducing the vulnerability by calling the specified command, and briefly judging the nature of the vulnerability and the category it belongs to by restarting the device and attacking it again.
2. The method of claim 1, characterized in that the position of the malformed packet located by the method of the invention is that obtained when the MutationStrategy is Sequential.
3. The method of claim 1, characterized in that it further comprises: if the device or software under test has no vulnerability and the test passes all test cases, the extended function of the present invention is not enabled.
4. The method of claim 1, characterized in that it further comprises: the concrete method and principle used in the locating module, so that it locates the position of the malformed packet as accurately and quickly as possible.
5. The method of claim 1, characterized in that it further comprises: a malformed packet that causes the device or software to behave abnormally is not necessarily a vulnerability; as long as the malformed packet is located, the present invention is satisfied.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201510771773.4A (CN105447389A) | 2015-11-11 | 2015-11-11 | Vulnerability location and rapid reproduction based on Peach platform

Publications (1)

Publication Number | Publication Date
CN105447389A | 2016-03-30

Family ID: 55557553
Country status: CN, CN105447389A (Pending)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105933288A (en) * 2016-04-08 2016-09-07 China Southern Power Grid Co., Ltd. Network equipment loophole geographical distribution evaluation system and method
CN110808962A (en) * 2019-10-17 2020-02-18 Qi An Xin Technology Group Co., Ltd. Malformed data packet detection method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103324573A (en) * 2013-07-02 2013-09-25 Beijing University of Posts and Telecommunications PEACH platform extension method for GUI-based protocol state machine modeling
CN103346928A (en) * 2013-07-02 2013-10-09 Beijing University of Posts and Telecommunications Method for supporting breakpoint continuous test of Peach platform
US8949992B2 (en) * 2011-05-31 2015-02-03 International Business Machines Corporation Detecting persistent vulnerabilities in web applications

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王浩: "Research and improvement of the Peachfuzz fuzz testing platform", China Master's Theses Full-text Database (electronic journal) *
赵丽娟: "Research on Fuzz security testing technology", China Master's Theses Full-text Database (electronic journal) *

Legal Events

Code | Title | Description
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160330