Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/184031
Title: Solving real world security problems: hacking and protection
Authors: Tham, Holdon
Keywords: Computer and Information Science
Issue Date: 2025
Publisher: Nanyang Technological University
Source: Tham, H. (2025). Solving real world security problems: hacking and protection. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/184031
Project: CCDS24-0436
Abstract: Fuzzing Commercial Off-The-Shelf router firmware is a critical task for finding vulnerabilities, allowing developers to fix them before threat actors are able to exploit them and compromise the confidentiality, integrity and availability of users’ data and Internet traffic. However, current fuzzing software does not take into account the HyperText Transfer Protocol (HTTP) requirements needed for a successful request to a router’s web server. On top of that, fuzzing experiments require the user to manually collect seeds or use generic ones, which reduces the fuzzer’s ability to explore deeper into the firmware’s logic. To address this, this report proposes the use of an HTTP custom mutator as well as a seed scraper, which automatically collects up to 5 POST requests obtained from the web server. The combination of the custom mutator and custom seed, as well as the standard American Fuzzy Lop++ (AFL++) fuzzer and generic seeds, resulted in an increase in map size as well as saved crashes and hangs, while fuzzing cycles remained low. This indicates higher code coverage and the discovery of more interesting test cases which may be missed by the standard mutator and generic seeds.
URI: https://hdl.handle.net/10356/184031
Schools: College of Computing and Data Science 
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: CCDS Student Reports (FYP/IA/PA/PI)

Files in This Item:
File: Tham_Holdon_NTU-FYP Report.pdf (Restricted Access)
Size: 1.17 MB
Format: Adobe PDF

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.