by matusf
1680 days ago
Hi HN, I'd like to share with you a fuzzer I've been working on. It is a black-box, smart, generation-based fuzzer that fuzzes APIs based on an OpenAPI specification. It all started as a bachelor thesis[0], when I wanted to do something security-related and learn Rust along the way. My colleague @viralpoetry tutored me and so far, we've been able to find bugs in software such as k8s, gitea, and vault[1]. As for the choice of language, Rust proved to be a good decision, even though one would think that dynamic languages are better suited for fuzzing (at least that was the choice for the API fuzzers that I looked into). Thanks to Rust's type system, I was able to deserialize the OpenAPI specification to structs and traverse them when creating a fuzzing payload in a type-safe way. Other fuzzers load the specification into a dictionary/hashmap and then fail during the traversal because of some missing key they expected.

0: https://github.com/matusf/bachelor-thesis/releases/download/...

1: https://github.com/matusf/openapi-fuzzer#findings
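A toy illustration of the typed-traversal idea described in the post above (an added example, not code from openapi-fuzzer): the `Schema` subset, the `Rng` and `generate` are hypothetical stand-ins, and the `Option` fields model OpenAPI keywords a spec is allowed to omit, so a missing key is a handled case rather than a crash.

```rust
use std::collections::BTreeMap;
/// Subset of an OpenAPI schema object as a typed enum. Optional keywords are `Option`,
/// so a spec that omits them cannot cause a missing-key failure during traversal.
enum Schema {
    String { max_length: Option<usize> },
    Integer { minimum: Option<i64>, maximum: Option<i64> },
    Boolean,
    Array { items: Box<Schema> },
    Object { properties: BTreeMap<String, Schema>, required: Option<Vec<String>> },
}
/// Tiny xorshift PRNG (seed must be non-zero): deterministic and dependency-free.
struct Rng(u64);
impl Rng {
    fn next(&mut self) -> u64 { let mut x = self.0; x ^= x << 13; x ^= x >> 7; x ^= x << 17; self.0 = x; x }
    fn pick(&mut self, n: u64) -> u64 { self.next() % n }
}
/// Walk the typed schema and emit a JSON payload. Each leaf chooses between a
/// well-formed value and a boundary value derived from the schema's own limits.
fn generate(schema: &Schema, rng: &mut Rng) -> String {
    match schema {
        Schema::Boolean => (if rng.pick(2) == 0 { "true" } else { "false" }).to_string(),
        Schema::Integer { minimum, maximum } => {
            let (lo, hi) = (minimum.unwrap_or(i64::MIN), maximum.unwrap_or(i64::MAX));
            // Exercise both declared bounds, one step past each, and zero.
            let candidates = [lo, hi, lo.wrapping_sub(1), hi.wrapping_add(1), 0];
            candidates[rng.pick(5) as usize].to_string()
        }
        Schema::String { max_length } => {
            // Either a short token or a string one byte longer than max_length.
            let len = match (rng.pick(2), max_length) { (1, Some(m)) => *m + 1, _ => 4 };
            format!("\"{}\"", "A".repeat(len))
        }
        Schema::Array { items } => {
            let elems: Vec<String> = (0..rng.pick(3)).map(|_| generate(items, rng)).collect();
            format!("[{}]", elems.join(","))
        }
        Schema::Object { properties, required } => {
            let req = required.as_deref().unwrap_or(&[]);
            let mut fields = Vec::new();
            for (k, v) in properties {
                // Required fields are always emitted; optional ones are dropped half the time.
                if req.iter().any(|r| r == k) || rng.pick(2) == 0 {
                    fields.push(format!("\"{}\":{}", k, generate(v, rng)));
                }
            }
            format!("{{{}}}", fields.join(","))
        }
    }
}
```

Because every keyword is a typed field, the compiler forces each `Option` to be handled at the point of use; the equivalent map-based walk only discovers an absent `required` or `maximum` at run time.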
[Wikipedia]: https://en.m.wikipedia.org/wiki/Fuzzing
(Just in case others are looking for a definition, though I guess it must be relatively well known)