4MMSR-2012-2013-project-web sockets fuzzing

De Ensiwiki
Aller à : navigation, rechercher

Mycomputer.png  Deuxième Année  CDROM.png  Informatique  Security logo.png  Sécurité  4MMSR-mini research logo.jpg  4MMSR-mini research project 

Web Socket Fuzzing

This is a "mini" research project for the course 4MMSR-Network Security

Keywords

memory corruption, websocket, fuzzing

Description

Web socket are a novelty of HTML5. As such, this is a new playground for fuzz-testing. aka fuzzing

Expected output

  • presentation slides (additional requirements):
    • considered vulnerabilities
    • SUT to test (and version)
    • representation of an individual sequence
    • concretization: from abstract level (representation) to concrete (web socket messages)
    • test verdict
  • a fuzzer for websocket implementations of browsers (implemented in python)
    • browser harnessing
    • simulating a websocket server
    • generating instructions for the client side
  • experiments for various browsers and various versions. advice: take the first versions of each browser that do support websockets

Research Questions

  • what are the different representation options for the vulnerabilities we target?
  • which test generation strategy seems to be the most efficient at finding vulnerabilities?

References

Tools

Results

{{{results}}}

Get Started!

  • create an archive on the ensimag server, so that only your team members and I have access to it.
  • Créer_une_archive_partagée_avec_Git
  • obviously, do not forget to send me the path afterwards

Contacts

Fabien Duchene