First name: Vladyslav
Surname: Havriuk
Title: Protocol fuzzing
Supervisor: doc. RNDr. Martin Stanek, PhD.
Year: 2026
Keywords: fuzzing, WebTransport, QUIC, HTTP/3, protocol testing, security
Abstract: Protocol fuzzing is a technique used to test protocol implementations. It has been successfully employed to identify implementation errors and security vulnerabilities in various protocols. This thesis focuses on fuzzing the WebTransport protocol as a concrete case of protocol fuzzing: we explore methods of protocol fuzzing and apply them to real-world implementations of WebTransport. The results are analyzed and discussed. This thesis addresses protocol fuzzing for identifying bugs in implementations and vulnerabilities. We present a BooFuzz-based fuzzer for the WebTransport protocol that combines capsule-structure mutations with sequence-level operators such as reordering, duplication, omission, prohibited capsule injection, and post-close activity. The contribution lies in the integration with aioquic for QUIC support, testing on echo servers across three different draft generations, and analysis of the results, including the discovery of two distinct issues: a reachable assertion panic in the Rust wtransport library and a specification violation in aioquic where a WT_STREAM frame on the CONNECT stream is silently accepted. The results demonstrate the effectiveness of the approach in detecting both robustness defects and silent protocol-conformance failures, contributing to the reliability of WebTransport.

Bachelor's thesis files:

havriuk-protocol-fuzzing.pdf
webtransport-fuzzer-repo.zip

Defense presentation files:
