Fuzzing on the HTTP protocol implementation in mobile embedded web server - HAL open archive
Conference paper, Year: 2011

Fuzzing on the HTTP protocol implementation in mobile embedded web server

Matthieu Barreaud
  • Role: Author
  • PersonId : 1090759
Guillaume Bouffard
Nassima Kamel
  • Role: Author
  • PersonId : 918085
Jean-Louis Lanet
  • Role: Author
  • PersonId : 1017794

Abstract

Fuzzing is a technique that generates invalid, unexpected, or random data and supplies it to the various inputs of the software or protocol under test. This exposes situations the programmers did not anticipate and can sometimes influence the functioning of the target. Our work aims to check implementations of the HTTP protocol in smart card embedded web servers. To that end, we used fuzzing to find vulnerabilities in this kind of web server and to check its compliance. Moreover, working in a black-box setting forced us to use PyHAT to collect as much information as possible about the target's features, which lets us reduce the number of properties to analyze. Our fuzzing program is based on the Peach framework, adapted to our needs. Given a data model and a state model of the target, Peach generates the fuzzing data. We have also defined mutators to represent the mutation types used. Finally, the results recorded in the log files are analyzed automatically to understand the behavior of the application and to detect whether any fuzzed data succeeded in exposing vulnerabilities.
Main file
BarreaudBKL11.pdf (422.4 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03138849 , version 1 (11-02-2021)

Identifiers

  • HAL Id : hal-03138849 , version 1

Cite

Matthieu Barreaud, Guillaume Bouffard, Nassima Kamel, Jean-Louis Lanet. Fuzzing on the HTTP protocol implementation in mobile embedded web server. C&ESAR, Nov 2011, Rennes, France. ⟨hal-03138849⟩

Collections

UNILIM CNRS XLIM
73 views
162 downloads