Fuzz Testing based on Sulley Framework

Guo, Zhenbang; Li, Nan; Wang, Shawn X.

doi:10.1515/9783110584974-022

Cited by 1 publication

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…AutoFuzz [3] AspFuzz [4] SecFuzz [5] Sulley [6] Boofuzz [7] Peach [8] Snooze [9] Pulsar [10] TLS-fuzzer [11] DTLS-fuzzer [12] ICS-fuzzer [13] NLP-fuzzer [14] SGPFuzzer…”

Section: Table I Survey Of Existing Protocol Fuzzersmentioning

confidence: 99%

“…As stated in Section II, although there are many works on protocol analysis [35] [36], few graybox fuzzers have been designed specifically to test network protocols, especially stateful network communication protocols. Sulley [6] and its successor, Boofuzz [7], generate packets based on protocol specifications and send them to target ports for fuzzing. Therefore, these are generation-based fuzzers (i.e., new message sequences are generated from scratch, using pre-specified message templates).…”

Section: Protocol Fuzzingmentioning

confidence: 99%

“…To some extent, these fuzzers are still "blind" regarding fuzzing network protocol implementation. Given a protocol model (in the form of a finite state machine), some blackbox fuzzers [6][7] [8] can leverage the data grammars of messages accepted at the various states to generate syntactically valid message sequences and send them to the system under test to perform stress testing. However, these fuzzers depend heavily on the completeness of the given protocol model-which may not correctly correspond to the actual protocol implementation.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

SGPFuzzer: A State-Driven Smart Graybox Protocol Fuzzer for Network Protocol Implementations

Yu¹,

Chen

Gan³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

As one of the most widely used technologies in software testing, fuzzing technology has been applied to network protocol vulnerability detection, and various network protocol fuzzers have been proposed. In this study, we first analyze and summarize some typical network protocol fuzzers to highlight the challenges when addressing stateful network protocol fuzzing. Then, a state-driven smart graybox protocol fuzzer (SGPFuzzer) is proposed to deal with these challenges. Finally, we evaluate SGPFuzzer on two widely used protocol implementations (LightFTP and tinyDTLS).The results show that SGPFuzzer outperforms Boofuzz and AFL in path coverage, unique crashes and the first time crash to crash, and it triggers a known bug which can't be trigged by the other two tools, fully proving its effectiveness and practicability. INDEX TERMS stateful network protocol, graybox fuzzer, AFL, smart mutation, Boofuzz S0 S1 S2 Sn ...

show abstract

“…AutoFuzz [3] AspFuzz [4] SecFuzz [5] Sulley [6] Boofuzz [7] Peach [8] Snooze [9] Pulsar [10] TLS-fuzzer [11] DTLS-fuzzer [12] ICS-fuzzer [13] NLP-fuzzer [14] SGPFuzzer…”

Section: Table I Survey Of Existing Protocol Fuzzersmentioning

confidence: 99%

Section: Protocol Fuzzingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation