Skip to content
/ ShadowFuzzer Public

The fuzzing framework named SHADOWFUZZER to find clientside vulnerabilities when processing incoming MQTT messages.

License

EPL-2.0 license
20 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ReAbout/ShadowFuzzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
Fuzzer
Fuzzer
 
 
ShadowBroker
ShadowBroker
 
 
doc/img
doc/img
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

ShadowFuzzer

The ShadowFuzzer is a fuzzing framework to find client-side vulnerabilities when processing incoming MQTT messages.

Paper

Huikai Xu, Miao Yu, Yanhao Wang, Yue Liu, Qinsheng Hou, Zhenbang Ma, Haixin Duan, Jianwei Zhuge and Baojun Liu. Processdings of The 7th IEEE European Symposium on Security and Privacy, (EuroS&P) Genoa, June 6-10, 2022

Attack Model

The attack targets are the IoT devices communicating with the MQTT broker. The adversary aims to leverage the broker as a trampoline to transfer exploit messages to the target devices to trigger the vulnerabilities when processing the MQTT payload.

Overview of ShadowFuzzer

How to use?

Build ShadowBroker

First build the ShadowBroker and make the device (subscriber) to connect to the ShadowBroker by DNS redirection or other tricks.

Fuzzing

Boot the fuzzer

About

The fuzzing framework named SHADOWFUZZER to find clientside vulnerabilities when processing incoming MQTT messages.

Resources

Readme

License

EPL-2.0 license
Activity

Stars

20 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages