Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A browser fuzzing method based on ast mutation

A technology of fuzz testing and browsers, which is applied in software testing/debugging, instrumentation, error detection/correction, etc. It can solve problems such as fuzzing testing for one month or more, difficult fuzzing testing browser vulnerabilities, etc., and achieves the goal of improving efficiency Effect

Active Publication Date: 2022-02-18
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The technical problem solved by the present invention is that in the prior art, the current browsers have repaired the loopholes detected by fuzzing and have implemented some protection mechanisms at the browser level, so that the current single fuzzing method is relatively difficult to fuzz. Test browser vulnerabilities, and even if there are vulnerabilities, it may take a month or more to find out the problem of fuzzing, and then provide an optimized browser fuzzing method based on AST mutation

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0018] The present invention will be described in further detail below in conjunction with the examples, but the protection scope of the present invention is not limited thereto.

[0019] The invention relates to a browser fuzz testing method based on AST mutation.

[0020] The verification test is an indicator for the user to propose performance requirements and expansion requirements.

[0021] In the present invention, the verification test is Proof of Concept, which is a popular verification test for specific applications of customers in the industry. According to the user's performance requirements and expansion requirements for the adopted system, real data is run on the selected server. Carry out actual calculation of the amount of user data and running time, and increase the amount of data according to the needs of future business expansion of users to verify the carrying capacity and performance changes of the system and platform.

[0022] The method includes the foll...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention relates to a browser fuzzing test method based on AST mutation. By parsing the verification test sample of the loopholes in the old version of the browser into an AST syntax tree, the AST syntax mutation is performed to obtain a new AST syntax tree, which is re-parsed and generated. New verification test sample, the browser loads the new verification test sample, monitors the operation of the browser with a debugger, if the browser crashes, collects the verification test sample at the time of the crash, uploads it to the WEB server, deletes Runtime validation test sample, otherwise ok, delete runtime validation test sample. The present invention can mutate the original verification test samples, regenerate new verification test samples, let the browser run, monitor the state of the browser, and collect verification test samples that cause the browser to crash, which can greatly improve browsing performance. Improve the efficiency of device fuzz testing and improve the efficiency of vulnerability mining.

Description

technical field [0001] The invention relates to the technical field of error prevention through software testing or debugging, in particular to a browser fuzzing testing method based on AST mutation which improves the efficiency of loophole mining. Background technique [0002] Fuzzing is a method of discovering software vulnerabilities by providing unexpected input to the target system and monitoring abnormal results, that is, using automated or semi-automated methods to repeatedly provide input to applications. [0003] Fuzzers for fuzz testing are divided into two categories, one is mutation-based fuzzers, which are created by mutating existing data samples, and the other is based on generating A (generation-based) fuzzer models the protocol or file format used by the system under test, generates inputs based on the model, and creates test cases accordingly. [0004] In the prior art, the fuzzing test of the browser is mostly carried out on the DOM tree or the Javascript...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36
CPCG06F11/3644G06F11/366
Inventor 姚志华范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products