Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ivannardi/pl7m

Pcap L7 Mutator
https://github.com/ivannardi/pl7m

deep-packet-inspection fuzzing mutator structure-aware-fuzzing

Last synced: 2 months ago
JSON representation

Pcap L7 Mutator

Host: GitHub
URL: https://github.com/ivannardi/pl7m
Owner: IvanNardi
License: mit
Created: 2023-09-28T20:15:29.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-10-10T20:06:25.000Z (2 months ago)
Last Synced: 2024-10-15T10:03:10.563Z (2 months ago)
Topics: deep-packet-inspection, fuzzing, mutator, structure-aware-fuzzing
Language: C
Homepage:
Size: 555 KB
Stars: 2
Watchers: 2
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Pcap L7 Mutator

Pl7m is a custom mutator (used for [structure aware fuzzing](https://github.com/google/fuzzing/blob/master/docs/structure-aware-fuzzing.md)) for network traffic packet captures (i.e. pcap files).

The output of the mutator is always a valid pcap file, containing the same flows/sessions of the input file.
That's it: the mutator only changes the packet payload after the TCP/UDP header, keeping all the original L2/L3/L4 information (IP addresses and L4 ports).

This might be useful if you are dealing with pcap files and you want to fuzz some applications at the protocol layer, for example in the deep packet inspection engines or for protocol analysis.

Mutations happens at two different levels:
* packet level: each packet might be dropped, duplicated, swapped or its own direction might be swapped (i.e. from client->server to server->client)
* payload level: only the packet payload (i.e. Layer 7 data, i.e. data after TCP/UDP header) is changed

There are some configuration options for some fine tuning: take a look at the beginning of `pl7m.c`

## How to use

Integrating pl7m mutator into your own code is very easy:
1) Copy the two files `pl7m.h` and `pl7m.c` into your own source code directory
2) Add a custum mutator into your own fuzzer, calling directly `pl7m_mutator()`

```
size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
size_t MaxSize, unsigned int Seed)
{
return pl7m_mutator(Data, Size, MaxSize, Seed);
}

```

3) Compile your own fuzzer, linking to libpcap

For a complete example, see `fuzz/fuzzer_example.c`

Note that, even if the documentation/code only cites libfuzzer, you can easily use any other fuzzing library.

## Known limitations

* Better support for TCP flows: we might need to update sequence/ack numbers in the TCP header

## Used by

* [nDPI](https://github.com/ntop/nDPI)