Commit b0541292 authored by Guillaume BIENKOWSKI

Add a dictionary of lexemes to AFL fuzzer. This speeds up the process of finding interesting new variations of SIP messages.

Also added the scripts needed for generating this dictionary.
parent 1cf229ee
......@@ -19,7 +19,7 @@ Then follow these steps:
3. You can now run the afl fuzzy tester in the tester/ directory to test the parser for SDP, HTTP or SIP.
afl-fuzz -i afl/sip -o afl_sip_results -- ./belle_sip_parser --protocol sip @@
afl-fuzz -i afl/sip -o afl_sip_results -- ./belle_sip_parse --protocol sip @@
With this command:
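Review bot: The updated command on the `belle_sip_parse` line still runs afl-fuzz without `-x`, so anyone following the README fuzzes without the dictionary this commit adds. Since the TODO entry pointing at `afl-fuzz -x` is removed further down, add the option here with the path to the generated dictionary, for example `afl-fuzz -i afl/sip -x <dictionary path> -o afl_sip_results -- ./belle_sip_parse --protocol sip @@`.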
......@@ -33,7 +33,8 @@ With this command:
The afl directory contains test messages that will be the base for mutation with the afl fuzzer. They are saved using the CRLF line endings. This is important since the parser expects two "\r\n\r\n" at the end of a message.
The hangs usually occur when the message passed to belle_sip_parse is not correctly formed, and the underlying implementation fails at some point. These are not false positives, they are actual problems!
## TODO:
1. add HTTP and SDP fuzzy tests
2. add a dictionary of keywords to help the fuzzer generate some valid messages (instead of bitflipping randomly) (see `afl-fuzz -x` option)
\ No newline at end of file
1. add HTTP and SDP fuzzy tests
\ No newline at end of file
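Review bot: Dropping TODO item 2 leaves the README with no mention of the dictionary at all: nothing says where sip_dict.txt and the generated entries live or how to regenerate them with the new script. A short paragraph in place of the removed item would cover that. The file also still ends without a trailing newline, which is worth fixing while its last line is being touched.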
# this script just reads each line in the sip_dict.txt and creates a file with the line content in it.
# this is foe AFL to get an idea of important lexemes to use to mutate SIP messages.
lines = File.open("sip_dict.txt", "r").read
# remove empty lines (this is bound to happen)
lines = lines.split(/\n/).reject{ |l| l.chomp.empty? }.join("\n")
lines.each_line { |line|
line.gsub!(/\n/, "")
file = "sip_dict/#{line}"
file.gsub!(/[\=\:]/,"_")
print "Create file #{file}\n"
# comment this line for a dry run
#File.open(file, "w") { |file| file.write(line) }
}
\ No newline at end of file
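Review bot: The `File.open(file, "w")` line is committed commented out, so the script only prints names and writes nothing, while the comment above it says to comment the line for a dry run. Either enable the write or make the dry run an explicit option. Two smaller points in the same loop: the block parameter `|file|` shadows the outer `file` variable, and the script assumes the `sip_dict/` directory already exists and that it is run from the directory holding sip_dict.txt.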
Accept-Encoding:
Accept-Language:
Accept:
alert
Alert-Info:
algorithm=
Allow:
application
Apr
audio
Aug
auth
auth-int
Authentication-Info:
Authorization:
branch
branch=
c:
Call-ID:
Call-Info:
card
cnonce=
Contact:
Content-Disposition:
Content-Encoding:
Content-Language:
Content-Length:
Content-Type:
CSeq:
Date:
Dec
Digest:
domain=
duration=
e:
emergency
Error-Info:
Expires:
expires=
f:
false
Feb
Fri
From:
GMT
handling=
i:
icon
image
In-Reply-To:
info
ip
Jan
Jul
Jun
k:
l:
lr
m:
maddr=
Mar
Max-Forwards:
May
message
MIME-Version:
Min-Expires:
Mon
multipart
nc=
nextnonce=
non-urgent
nonce=
normal
Nov
Oct
opaque=
optional
Organization:
phone
Priority:
Proxy-Authenticate:
Proxy-Authorization:
Proxy-Require:
purpose=
q=
qop=
realm=
received=
Record-Route:
render
Reply-To:
Require:
required
response=
Retry-After:
Route:
rspauth=
s:
Sat
SCTP
sctp
Sep
Server:
session
SIP
stale=
Subject:
Sun
Supported:
t:
tag=
TCP
tcp
text
Thu
Timestamp:
TLS
tls
To
true
ttl=
Tue
UDP
udp
Unsupported:
urgent
uri=
User-Agent:
username=
v:
Via:
video
Warning:
Wed
WWW-Authenticate:
x-
\ No newline at end of file
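Review bot: `To` is listed without its colon while every other header name in the list, including the compact `t:`, carries one, and `Digest:` has a colon although Digest is the authentication scheme token that follows `WWW-Authenticate:` or `Authorization:` rather than a header name. Suggest `To:` and `Digest` so both tokens match what a valid message contains.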
Accept-Encoding:
\ No newline at end of file
Accept-Language:
\ No newline at end of file
Accept:
\ No newline at end of file
Alert-Info:
\ No newline at end of file
Allow:
\ No newline at end of file
Apr
\ No newline at end of file
Aug
\ No newline at end of file
Authentication-Info:
\ No newline at end of file
Authorization:
\ No newline at end of file
CSeq:
\ No newline at end of file
Call-ID:
\ No newline at end of file
Call-Info:
\ No newline at end of file
Contact:
\ No newline at end of file
Content-Disposition:
\ No newline at end of file
Content-Encoding:
\ No newline at end of file
Content-Language:
\ No newline at end of file
Content-Length:
\ No newline at end of file
Content-Type:
\ No newline at end of file
Date:
\ No newline at end of file
Dec
\ No newline at end of file
Digest:
\ No newline at end of file
Error-Info:
\ No newline at end of file
expires=
\ No newline at end of file
Feb
\ No newline at end of file
Fri
\ No newline at end of file
From:
\ No newline at end of file
GMT
\ No newline at end of file
In-Reply-To:
\ No newline at end of file
Jan
\ No newline at end of file
Jul
\ No newline at end of file
Jun
\ No newline at end of file
MIME-Version:
\ No newline at end of file
Mar
\ No newline at end of file
Max-Forwards:
\ No newline at end of file
May
\ No newline at end of file
Min-Expires:
\ No newline at end of file
Mon
\ No newline at end of file
Nov
\ No newline at end of file
Oct
\ No newline at end of file
Organization:
\ No newline at end of file
Priority:
\ No newline at end of file
Proxy-Authenticate:
\ No newline at end of file
Proxy-Authorization:
\ No newline at end of file
Proxy-Require:
\ No newline at end of file
Record-Route:
\ No newline at end of file
Reply-To:
\ No newline at end of file
Require:
\ No newline at end of file
Retry-After:
\ No newline at end of file
Route:
\ No newline at end of file
sctp
\ No newline at end of file
SIP
\ No newline at end of file
Sat
\ No newline at end of file
Sep
\ No newline at end of file
Server:
\ No newline at end of file
Subject:
\ No newline at end of file
Sun
\ No newline at end of file
Supported:
\ No newline at end of file
tcp
\ No newline at end of file
tls
\ No newline at end of file
Thu
\ No newline at end of file
Timestamp:
\ No newline at end of file
To
\ No newline at end of file
Tue
\ No newline at end of file
udp
\ No newline at end of file
Unsupported:
\ No newline at end of file
User-Agent:
\ No newline at end of file
Via:
\ No newline at end of file
WWW-Authenticate:
\ No newline at end of file
Warning:
\ No newline at end of file
Wed
\ No newline at end of file
alert
\ No newline at end of file
algorithm=
\ No newline at end of file
application
\ No newline at end of file
audio
\ No newline at end of file
auth
\ No newline at end of file
auth-int
\ No newline at end of file
branch
\ No newline at end of file
branch=
\ No newline at end of file
c:
\ No newline at end of file
card
\ No newline at end of file
cnonce=
\ No newline at end of file
domain=
\ No newline at end of file
duration=
\ No newline at end of file
e:
\ No newline at end of file
emergency
\ No newline at end of file
f:
\ No newline at end of file
false
\ No newline at end of file
handling=
\ No newline at end of file
i:
\ No newline at end of file
icon
\ No newline at end of file
image
\ No newline at end of file
info
\ No newline at end of file
ip
\ No newline at end of file
k:
\ No newline at end of file
l:
\ No newline at end of file
lr
\ No newline at end of file
m:
\ No newline at end of file
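Review bot: Among the generated entries visible here there is an `expires=` but no `Expires:`, and `sctp`, `tcp`, `tls` and `udp` but none of the uppercase forms that sip_dict.txt lists. The script maps both `:` and `=` to `_`, so `Expires:` and `expires=` become names that differ only in case, as do `TCP` and `tcp`; on a case-insensitive filesystem the later write replaces the earlier one. Worth checking that the committed directory holds every token; encoding the case in the file name, or using afl-fuzz's single-file dictionary format, would avoid the collision.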
This diff is collapsed.