Fuzzing is an effective approach to detecting vulnerabilities. Unfortunately, existing fuzzing approaches suffer from several limitations, in particular the lack of automation in extracting SUT-specific knowledge and in generating test scripts. In this paper, by combining fuzzing with the TTCN-3 technique, we present T3FAH: a TTCN-3 based Fuzzer with Attack Heuristics. The approach automatically extracts the input syntax of the SUT from the existing test data definitions in a TTCN-3 conformance test suite, generates invalid inputs based on an attack heuristic generation algorithm, and automatically constructs fuzzing test scripts by reusing the conformance test cases. We conducted a case study on three popular SIP terminals with different SIP protocol implementations. In the case study, our approach detected several different vulnerabilities in all three SIP terminals, which may degrade the user experience in practical use. This shows that our approach can be effectively used for testing real-world applications.
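To make the generation step concrete, the following added example (not the paper's code) mutates a structured SIP INVITE template field by field with simple attack heuristics. The template stands in for the test data definition that T3FAH would extract from a TTCN-3 conformance suite; the template values, the two heuristic lists and the choice of which fields are numeric are assumptions made for this example, not the paper's algorithm.

```python
"""Field-wise attack-heuristic mutation of a structured SIP request template.
Template and heuristics are constructed for this example, not from the paper."""

# A SIP INVITE as ordered (field, value) pairs, standing in for the TTCN-3
# template the approach extracts from a conformance test suite (constructed).
SIP_INVITE_TEMPLATE = [
    ("request_line", "INVITE sip:bob@example.invalid SIP/2.0"),
    ("Via", "SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds"),
    ("From", "Alice <sip:alice@example.invalid>;tag=1928301774"),
    ("To", "Bob <sip:bob@example.invalid>"),
    ("Call-ID", "a84b4c76e66710@192.0.2.10"),
    ("CSeq", "314159 INVITE"),
    ("Content-Length", "0"),
]

def string_heuristics(value):
    """Invalid replacements for a textual field (constructed heuristics)."""
    return [
        "",                        # empty value: missing-data handling
        "A" * 4096,                # overlong value: fixed-size buffer handling
        value + "\r\n" * 50,       # runaway line terminators: header parsing
        "\u00e9" * 256,            # non-ASCII: encoding assumptions
    ]

def numeric_heuristics():
    """Boundary values for a numeric field (constructed heuristics)."""
    return ["-1", "0", "2147483647", "4294967295", "99999999999999999999", "abc"]

def render(fields):
    """Serialise (field, value) pairs as a SIP request with CRLF line endings."""
    lines = [v if f == "request_line" else f"{f}: {v}" for f, v in fields]
    return "\r\n".join(lines) + "\r\n\r\n"

def generate_mutants(template):
    """Yield (field, rendered_message) for every single-field mutation,
    so each test case isolates one field of the SUT's parser."""
    for i, (field, value) in enumerate(template):
        if field in ("CSeq", "Content-Length"):
            replacements = numeric_heuristics()
        else:
            replacements = string_heuristics(value)
        for bad in replacements:
            mutated = list(template)
            mutated[i] = (field, bad)
            yield field, render(mutated)
```

Each yielded message is one fuzzing test case; with the template above, five textual fields times four heuristics plus two numeric fields times six heuristics give 32 cases, each of which a test script would send to the SUT in place of the conformance test's valid INVITE.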