Problem description
I want to fuzz-test an XML parser and wonder if there are some appropriate fuzzers.
It would be nice to not only generate random garbage, but also take advantage of existing schema specifications like XSD or DTD.
Recommended answer
Following are some XML fuzzers that I chanced upon, during a search several months back:
- . This does not appear to be in active development, with the last update in 2007. (Project no longer available on SourceForge; for posterity see archive.org for partial content, and packetstorm for download. It was added to Peach-1.0, but no longer appears in the Peach-3.1 Community Edition source at all.)
- Fuzzware. Appears to have decent support for XSD based fuzzing.
- Peach. The Peach fuzzer project will aid you in generating valid XML files, but will probably not be of much help if you want to fuzz the parser instead of the application using the parser. It is certainly worth a try, but be forewarned that creating a data model can be a cumbersome process if you are not aware of the various structures in XML. The related project HotFuzz is also worth mentioning here.
- JBroFuzz. This is quite actively developed. I couldn't find any tutorial describing its XML (and SOAP) fuzzing capabilities. You might be helped by the fact that it can be used as a fuzzing library alone.
- Codenomicon Defensics for XML. This is a commercial fuzzer. Disclaimer: I have evaluated Defensics in the past, and have found it suitable for various purposes. The XML parser alone can be fuzzed using various techniques - you may feed it files generated by the fuzzer, or issue HTTP requests etc. Do keep in mind that different approaches will have to be used if you need to fuzz your application instead of the parser; Defensics will aid in selecting the various classes of inputs that you want in the fuzz inputs, so that you can target your parser, or your application or both.
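
The "feed the parser generated files" approach from the answer, as an added example that is not part of the original question or answer and is not taken from any of the tools listed. It mutates a valid seed document structurally instead of reading an XSD or DTD, and uses Python's `xml.etree.ElementTree` as a stand-in parser under test; `SEED`, `mutate` and `run` are hypothetical names.

```python
import copy
import random
import xml.etree.ElementTree as ET

# Constructed seed: a small well-formed document for a hypothetical order format.
SEED = '<order id="7"><item sku="A1" qty="2">widget</item><note>rush</note></order>'

def mutate(seed, rng):
    """Apply one structure-aware mutation to a valid seed; return XML text."""
    root = ET.fromstring(seed)
    target = rng.choice(list(root.iter()))
    kind = rng.randrange(5)
    if kind == 0:    # repeat a subtree where the format expects one
        target.append(copy.deepcopy(target))
    elif kind == 1:  # boundary-length character data
        target.text = "A" * rng.choice([0, 255, 65536])
    elif kind == 2:  # attribute value full of markup-significant characters
        target.set("fuzz", "<>&\"'" * 8)
    elif kind == 3:  # nest the element 200 levels deep
        for _ in range(200):
            target = ET.SubElement(target, target.tag)
    text = ET.tostring(root, encoding="unicode")
    if kind == 4:    # break well-formedness by truncating mid-document
        text = text[:rng.randrange(1, len(text))]
    return text

def run(parse, seed=SEED, iterations=500, rng_seed=1234):
    """Feed mutated documents to parse(); return (rejected, findings)."""
    rng = random.Random(rng_seed)
    rejected, findings = 0, []
    for i in range(iterations):
        doc = mutate(seed, rng)
        try:
            parse(doc)
        except ET.ParseError:
            rejected += 1  # clean rejection of malformed input is expected
        except Exception as exc:  # any other exception needs triage
            findings.append((i, type(exc).__name__, doc[:80]))
    return rejected, findings

if __name__ == "__main__":
    rejected, findings = run(ET.fromstring)
    print(f"rejected={rejected} findings={len(findings)}")
    for finding in findings[:5]:
        print(finding)
```

Passing the application's own entry point as `parse` instead of the bare parser covers the other case the answer distinguishes: fuzzing the code that consumes the parsed document.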