Abstract: Network protocol fingerprinting is a critical technique for identifying different implementations of a network protocol, which is essential for vulnerability assessment and security management. However, current fingerprinting methods such as Nmap still rely heavily on manually crafted probes, requiring experts with domain knowledge and leading to inefficiencies and potential oversights. This paper introduces pFuzz, an automatic network protocol fingerprint discovery system that uses difference-guided fuzzing to address the vast search space inherent in fingerprinting. We propose a difference tree to model the nested, recursive condition structure of network protocols and a packet oracle map to capture and exploit multifield relationships revealed by value co-occurrence. Our evaluation of pFuzz on the widely used TCP/IP protocol stack demonstrates its effectiveness and efficiency in discovering fingerprints.
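To make the two ideas in the abstract concrete, the following is an added, self-contained illustration (not pFuzz's code or data model, and not from the paper). Two hypothetical TCP/IP "stacks" are simulated as Python functions that answer a probe with a response summary; the probe field domains, the stack behaviours and the scoring are all constructed for this example. A difference-guided loop mutates one probe field at a time and expands divergent probes first; every evaluated probe is recorded in a difference tree (a nested condition structure over field assignments) and in a pair-wise co-occurrence map that plays the role of the packet oracle map. Nothing here touches a network.

```python
"""Toy difference-guided fuzzing for protocol fingerprints (constructed example)."""
from collections import defaultdict, deque
from itertools import combinations

# Constructed probe field domains; a real TCP probe has many more fields.
FIELDS = {
    "sack":   [False, True],
    "wscale": [None, 3, 7],
    "ecn":    [False, True],
    "mss":    [536, 1460],
}

def stack_a(p):
    """Hypothetical implementation A: advertises a window scale only when the
    probe carried SACK-permitted together with a wscale option; ignores ECN."""
    r = {"ttl": 64, "win": 65535, "mss": p["mss"]}
    if p["sack"] and p["wscale"] is not None:
        r["wscale"] = 7
    return r

def stack_b(p):
    """Hypothetical implementation B: advertises a window scale whenever the
    probe has one, and echoes the ECN request."""
    r = {"ttl": 64, "win": 65535, "mss": p["mss"]}
    if p["wscale"] is not None:
        r["wscale"] = 7
    if p["ecn"]:
        r["ecn"] = True
    return r

def differs(probe):
    """True when the two simulated stacks answer the probe differently."""
    return stack_a(probe) != stack_b(probe)

class DifferenceTree:
    """Nested conditions: root -> field=value -> field=value ... in FIELDS order.
    Each node counts how many probes under its prefix produced divergent responses."""
    def __init__(self):
        self.children = {}
        self.divergent = 0
        self.total = 0

    def insert(self, assignments, divergent):
        node = self
        node.total += 1; node.divergent += divergent
        for fv in assignments:
            node = node.children.setdefault(fv, DifferenceTree())
            node.total += 1; node.divergent += divergent

    def decisive_paths(self, prefix=()):
        """Shortest field-assignment prefixes under which every probe diverged:
        each one is a fingerprinting condition."""
        if prefix and self.total and self.divergent == self.total:
            return [prefix]
        out = []
        for fv, child in self.children.items():
            out.extend(child.decisive_paths(prefix + (fv,)))
        return out

def run_fuzz(seed, budget=64):
    """Difference-guided loop: single-field mutations of divergent probes are
    queued at the front, so the search stays near responses that already differ."""
    tree = DifferenceTree()
    single = defaultdict(lambda: [0, 0])   # (field, value) -> [divergent, total]
    pairs = defaultdict(lambda: [0, 0])    # ((f1, v1), (f2, v2)) -> [divergent, total]
    seen, work, evaluated = set(), deque([seed]), 0
    while work and evaluated < budget:
        probe = work.popleft()
        key = tuple(probe[f] for f in FIELDS)
        if key in seen:
            continue
        seen.add(key)
        evaluated += 1
        d = differs(probe)
        fvs = [(f, probe[f]) for f in FIELDS]
        tree.insert(fvs, d)
        for fv in fvs:
            single[fv][1] += 1; single[fv][0] += d
        for a, b in combinations(fvs, 2):
            pairs[(a, b)][1] += 1; pairs[(a, b)][0] += d
        for f, domain in FIELDS.items():
            for v in domain:
                if v != probe[f]:
                    child = dict(probe, **{f: v})
                    (work.appendleft if d else work.append)(child)
    return tree, single, pairs

def decisive_single(single):
    """Field values that diverged in every probe carrying them."""
    return [fv for fv, (div, tot) in single.items() if tot and div == tot]

def multifield_relations(single, pairs):
    """Value pairs that always diverged together although neither value is
    decisive alone: the co-occurrence an oracle map is meant to surface."""
    decisive = set(decisive_single(single))
    return [(a, b) for (a, b), (div, tot) in pairs.items()
            if tot and div == tot and a not in decisive and b not in decisive]

if __name__ == "__main__":
    seed = {"sack": False, "wscale": None, "ecn": False, "mss": 536}
    tree, single, pairs = run_fuzz(seed)
    print("divergent probes:", tree.divergent, "of", tree.total)
    print("single-field fingerprints:", decisive_single(single))
    print("multifield relations:", multifield_relations(single, pairs))
    for path in tree.decisive_paths():
        print("condition:", path)
```

On this toy pair of stacks the loop finds that `ecn=True` alone separates them, while the window-scale behaviour only separates them under `sack=False` combined with a non-empty `wscale`; the second result is exactly the kind of multifield relationship a single-field probe search would miss.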