Comments (2)
so, the fuzzer part both is and isn't implemented :)
it's implemented in that there are ways for modifying sent messages: https://tlsfuzzer.readthedocs.io/en/latest/modifying-messages.html#modifying-messages fuzzer-like
but it isn't implemented in that the way those modifiers are usually used is through exhaustive iteration; for example, if we have a 2048 bit RSA signature, we flip every bit of the plaintext and see if the message is rejected, then when it's used in the test case, we may run just a few random examples of that full list, but we generate the full list:
tlsfuzzer/scripts/test-tls13-certificate-verify.py
Lines 533 to 571 in 5b32de5
only combinatorial explosion stops us from testing more than 1 flipped bit at a time: if we would generate those modifications on the fly (which is possible, they are pre-generated so that we can deterministically run them or skip them) we could have a script that keeps fuzzing the signature with more and more complex patterns till the end of time :)
to sum it up: if you want to use it as a fuzzer, you totally can, but I limit that kind of use and instead try to create custom tailored test cases, as those are more likely to find issues in a cryptographic protocol like TLS and use fuzzing-like behaviour just to speed up execution
I'm glad you find it interesting enough to consider contributing, feel free to ask questions, I'll gladly discuss solutions or provide explanations for the behaviour; I'm also open to any suggestions to improve documentation, I know it's not in the best shape, but it's a priority for me to fix it
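An added illustration of the approach described in the comment above (not tlsfuzzer code and not part of the original reply): pre-generate one test case per flipped bit of the signed plaintext, check that a verifier rejects every one, and replay a seeded subset for quick runs. Assumptions: a constructed toy RSA key, PKCS#1 v1.5 encoding with SHA-256, hypothetical function names, and a deliberately flawed `lax_verify` included only to show what the exhaustive list catches.

```python
import hashlib
import random

# Constructed toy RSA key (two Mersenne primes) so the demo runs offline;
# an assumption for illustration, never a usable key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(msg):
    """EMSA-PKCS1-v1_5 encoding: the plaintext that the private key signs."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def raw_sign(em):
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def recover(sig):
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")

def strict_verify(msg, sig):
    """Re-encode the expected plaintext and compare every byte."""
    return recover(sig) == encode(msg)

def lax_verify(msg, sig):
    """Deliberately flawed: checks only the trailing hash, not the padding."""
    return recover(sig)[-32:] == hashlib.sha256(msg).digest()

def all_bit_flips(em):
    """Pre-generate the full ordered list: one case per plaintext bit."""
    cases = []
    for bit in range(len(em) * 8):
        mutated = bytearray(em)
        mutated[bit // 8] ^= 0x80 >> (bit % 8)
        cases.append((bit, bytes(mutated)))
    return cases

def accepted_flips(verify, msg, cases):
    """Bit positions whose corrupted signature was wrongly accepted."""
    return [bit for bit, em in cases if verify(msg, raw_sign(em))]

def sample(cases, count, seed):
    """Seeded subset for a quick run; the same seed replays the same cases."""
    return sorted(random.Random(seed).sample(cases, count))
```

Because the list is generated in a fixed order, a failure is identified by its bit position and can be re-run or skipped on its own.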
@luke-goddard do you have any follow-up questions?