基于模式生成的浏览器模糊测试技术

Browser Fuzzing Technique Based on Pattern-Generation

模糊测试被广泛应用于浏览器的漏洞挖掘,其效果好坏的决定因素之一是测试者编写的测试模式.针对特定测试模式实现成本高、生存时间短等问题,提出了一种基于模式生成的浏览器模糊测试器自动构造方法,通过解析已知漏洞触发样本,自动提取测试模式,对模式中每个模块应用传统的变异策略,完成畸形样本的自动生成.实验结果表明:针对5款浏览器的1 089个已知漏洞触发样本,平均仅用时11.168s即可完成1 089个不同模糊测试器的自动构建,远低于人为编写的时间消耗;随机选取其中10个模糊测试器分别对IE 10、IE 11、Firefox 54.0的全补丁版本进行测试,共产生57个不同的崩溃样本,发现1个高危未知漏洞,证明该方法具有较好的未知漏洞发现能力.

Fuzzing is widely used for browser vulnerability mining, and one of the key factors determining its effectiveness is the test pattern written by the tester. Considering that the test pattern is written with high cost and short survival time, in this article, an automatic construction of fuzzy tester based on pattern-generation is presented. By analyzing the known vulnerability samples and extracting the test pattern automatically, the traditional mutation strategy is then applied to each module in the pattern to complete the automatic generation of the abnormal samples. Experimental results show that in average it takes only 11.168 seconds to finish the automatic construction of I 089 different fuzzy testers based on 1 089 known vulnerabilities for five browsers, which has much lower time-consumption than that required by testers themselves. Applying on IE 10, IE 11 and Firefox 54.0 Web browser with randomly selected 10 fuzzy testers, the new method discovered a total of 57 different bugs, including a high-risk unknown vulnerability. This demonstrates that this method has better capability at finding the unknown vulnerability.