Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mtrnord/matrix-fuzz

fuzzing http-fuzzer matrix matrix-fuzzer matrix-library matrix-protocol matrix-testing synapse

Last synced: 21 days ago
JSON representation

Host: GitHub
URL: https://github.com/mtrnord/matrix-fuzz
Owner: MTRNord
License: apache-2.0
Created: 2022-08-12T09:13:15.000Z (about 2 years ago)
Default Branch: main
Last Pushed: 2023-10-07T17:33:52.000Z (about 1 year ago)
Last Synced: 2024-10-14T15:14:25.275Z (22 days ago)
Topics: fuzzing, http-fuzzer, matrix, matrix-fuzzer, matrix-library, matrix-protocol, matrix-testing, synapse
Language: Rust
Homepage:
Size: 145 KB
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

README

# Matrix Fuzzing

Matrix fuzzing is a dumb fuzzer fuzzing a few matrix endpoints. It requires a HS and a user to exist.

# Project room

[#matrix-fuzz:midnightthoughts.space](https://matrix.to/#/#matrix-fuzz:midnightthoughts.space)

# Current targets

- `/_matrix/client/v3/createRoom` - `tests::tests::fuzz_create_room` - `createRoom`

# Usage of fuzzcheck-rs

1. Create a HS
2. Setup a user
3. Set `MATRIX_USERNAME` and `MATRIX_PASSWORD` to the username and password of the user you want to fuzz as.
4. Install fuzzcheck -> https://github.com/loiclec/fuzzcheck-rs#setup
5. Run `cargo fuzzcheck `
6. Wait until it crashes
7. Verify the error by trying the output json yourself
8. Please make sure to follow https://matrix.org/security-disclosure-policy/ for found errors instead of posting them in public unless you are 100% sure they are not a security issue. If you are in doubt prefer the security disclosure policy.

# Usage of afl.rs

1. Create a HS
1. Setup a user
2. Install afl.rs -> `cargo install afl`
3. Run `cargo afl build`
4. Set `MATRIX_USERNAME` and `MATRIX_PASSWORD` to the username and password of the user you want to fuzz as.
5. Run `cargo afl fuzz -i ./afl//in -o ./afl//out ./target/debug/`
6. Wait until it crashes
7. Verification is a little harder. See https://github.com/rust-fuzz/afl.rs/issues/215 on how to reproduce things
8. Please make sure to follow https://matrix.org/security-disclosure-policy/ for found errors instead of posting them in public unless you are 100% sure they are not a security issue. If you are in doubt prefer the security disclosure policy.

# Hall of Explosions (Bugs found)

- https://github.com/matrix-org/synapse/issues/13510
- https://github.com/matrix-org/synapse/issues/13511
- https://github.com/matrix-org/synapse/issues/13512
- https://github.com/matrix-org/synapse/issues/13664

# Known bugs in the fuzzer

The fuzzer generates arbitrary json objects currently very poorly. Resulting in a lot less cases than it should. Its a workaround for now until there is a nicer way.