Abstract: Web application vulnerabilities continue to pose a significant challenge. Static analysis is currently the mainstream approach to this issue, while dynamic analysis is not as widely used in comparison. However, both techniques have their limitations. Current static analysis tools are plagued by high false-positive rates, necessitating fine-grained analysis and substantial expertise, while dynamic analysis tools remain underdeveloped. Current fuzzing-based tools are often limited by inefficiency in exploring deeper code locations. Moreover, state-of-the-art grey-box fuzzers often struggle to capture effective parameters from user interfaces, and therefore fail to explore the input space efficiently. In this paper, we propose Predator, a directed fuzzing framework equipped with selective dynamic instrumentation for effective and efficient web application vulnerability detection and validation. We use static and dynamic analysis techniques to complement each other: our lightweight static analysis provides the relevant URLs and parameters of the directed fuzzing targets and thus facilitates dynamic validation of static analysis reports. Additionally, we propose a runtime distance supplementation mechanism and tailored mutation strategies to address the dynamic features of interpreted languages like PHP. The evaluation shows that Predator effectively triggers more vulnerabilities and outperforms state-of-the-art grey-box fuzzers by up to 43.8 times in terms of time to exposure. Moreover, Predator detects 26 previously unknown vulnerabilities in real-world applications, further demonstrating its effectiveness. At the time of writing, 7 of the 26 vulnerabilities have been confirmed and patched by the corresponding vendors.
External IDs: dblp:conf/sp/Wang0L025