LCBH

Results 45 issues of LCBH

As explained in #148, the aim is to develop a complementary bug oracle that solely depends on the trace and the exchanged messages.

By inspecting a trace that executed gracefully and the exchanged messages, it should be possible to detect a large class of security violations already. Pros: - no need to have...

enhancement
long-term

The fuzzer currently captures the following attack scenarios: - honest server attacked by a malicious client - honest client and server attacked by a MiM attacker. Client accepts any valid...

enhancement
long-term

My goal is to list some Todos and potential future directions. It is a WIP issue that I will continue in the forthcoming days. Next, I need to split this...

See #279. One approach to integrate bit-level mutations (like HAVOC) to tlspuffin and DY fuzzing in general is as follows: 1. Have a mutation `make_bitstring` that: a. randomly chooses...

enhancement
ci:full

The intended goal of this PR (still WIP) is to add a new kind of atom (actually a variant of a `Term::Variable`) corresponding to constant bitstrings amenable to bit-level fuzzers....

wontfix
outofscope
ci:none

See new failing unit test `openssl::deterministic::tests::test_openssl_no_randomness_full` from PR #293. Run `cargo test --package tlspuffin --lib test_openssl_no_randomness_full --features openssl111j -- --nocapture` and observe that the resulting `TraceContexts` are not equal. By...

One approach to integrate bit-level mutations (like HAVOC) to tlspuffin and DY fuzzing in general is as follows: 1. Have a mutation `make_bitstring` that: a. randomly chooses a sub-term `t`...

WIP