The Design and Implementation of a Fuzzing Tool
|School||Beijing University of Posts and Telecommunications|
|Keywords||fuzzing Vulnerability discovery Regex Frame|
As society becomes increasingly information-driven, software security issues are becoming more prominent. A security vulnerability is one kind of software fault. The existence of such a vulnerability may give others an easy way to attack the software. Once software has been successfully attacked, the system may be paralyzed or suffer even greater harm, so such vulnerabilities should be avoided. To keep attackers from exploiting vulnerabilities, software must be tested before it is released, and every effort should be made to find its bugs and vulnerabilities before release. In practice, a lot of software reaches the market without rigorous testing. Fuzzing is a very good automated testing method for detecting vulnerabilities, but its effectiveness depends largely on the test cases it uses, and fuzzing tools use relatively simple test case generation methods. Regular expressions are a way of describing syntax; they are widely used in pattern matching, and the vast majority of programming languages now support them in some form. This paper proposes a novel use of regular expressions: converting a regular expression into the corresponding data. Because regular expressions are highly expressive, they are especially suitable for defining and describing various kinds of structured data. This paper gives a complete definition of the expressions that can generate such data, to be named \ Meanwhile, the paper also implements, as program code, the conversion of a given generative regular expression into data. On the basis of this generative expression, the paper designs and implements two fuzzing test frameworks; in each framework the test data is generated from regular expressions.
Both frameworks are also highly extensible: one is extended by dynamic library plugins written to the interface requirements the paper defines, the other by Python scripts written to its interface requirements. When these two frameworks are used for protocol testing, the tester can concentrate on the test target itself and design better test data, making it easier to find vulnerabilities in the target. Finally, the paper uses the fuzzing tools above to test actual target software and obtains very good experimental results.
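The abstract's central idea, turning a regular expression into matching data for use as fuzz test cases, can be illustrated as follows. This is an added example, not code from the thesis: the RegexGenerator class, the supported syntax subset and the MAX_REPEAT cap are assumptions made here.

```python
import random
import re

MAX_REPEAT = 6  # assumed cap for the unbounded quantifiers * and +
CLASSES = {"d": "0123456789"}  # escapes not listed here are taken literally

class RegexGenerator:
    """Sampler for a regex subset: literals, \\d, [a-z], (..), |, ? * + {m} {m,n}."""
    def __init__(self, pattern, seed=None):
        self.p, self.i, self.rng = pattern, 0, random.Random(seed)
        self.sample = self._alt()  # callable: returns one matching string
        if self.i != len(pattern):
            raise ValueError(f"unbalanced ')' at offset {self.i}")
    def _next(self):
        self.i += 1
        return self.p[self.i - 1]  # IndexError if the pattern ends early
    def _alt(self):
        branches = [self._seq()]
        while self.p[self.i:self.i + 1] == "|":
            self.i += 1
            branches.append(self._seq())
        return lambda: self.rng.choice(branches)()
    def _seq(self):
        parts = []
        while self.p[self.i:self.i + 1] not in ("", "|", ")"):
            parts.append(self._repeat(self._atom()))
        return lambda: "".join(part() for part in parts)
    def _atom(self):
        ch = self._next()
        if ch == "(":
            inner = self._alt()
            self._next()  # consume the closing ")"
            return inner
        if ch == "[":
            body = self.p[self.i:self.p.index("]", self.i)]
            self.i += len(body) + 1
            expand = lambda m: "".join(map(chr, range(ord(m[1]), ord(m[2]) + 1)))
            ch = re.sub(r"(.)-(.)", expand, body)  # a-z -> every char in range
        elif ch == "\\":
            ch = CLASSES.get(esc := self._next(), esc)
        return lambda: self.rng.choice(ch)
    def _repeat(self, atom):
        m = re.match(r"[?*+]|\{(\d+)(?:,(\d+))?\}", self.p[self.i:])
        if not m:
            return atom
        self.i += m.end()
        lo, hi = {"?": (0, 1), "*": (0, MAX_REPEAT), "+": (1, MAX_REPEAT)}.get(
            m.group(), (int(m[1] or 0), int(m[2] or m[1] or 0)))
        return lambda: "".join(atom() for _ in range(self.rng.randint(lo, hi)))
```

For a pattern such as `(GET|POST) /[a-z0-9]{1,8}\.html HTTP/1\.[01]`, each call to `RegexGenerator(pattern, seed).sample()` returns one well-formed request line, and a fixed seed makes the test case sequence reproducible.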