Conference: International Conference on Intelligent Systems and Knowledge Engineering

Network Protocol Automatic Vulnerability Mining Technology Based on Fuzzing

Abstract

With the increasing complexity and importance of network applications, the security requirements for network protocols are getting higher and higher. Fuzzing, one of the important testing techniques for discovering undisclosed vulnerabilities, tests the security of network protocols by producing and sending large amounts of data and injecting them into the software under test; many important vulnerabilities, such as denial of service, buffer overflows, and format string bugs, can be found this way. Manually generated test cases can be better suited to the target under test, but manual fuzzing requires an accurate understanding of network protocol details and tedious work to construct a large number of test data sets, resulting in limited coverage and poor results. To solve this problem, this paper first investigates the types of vulnerabilities and summarizes fuzzing strategies, then constructs a fuzzer based on an existing framework, adopting a mutation strategy to construct malformed network packets, which are sent to the target under test. The results show that this method is more efficient than manual analysis in vulnerability mining, which provides a good foundation for improving the security of network protocols.