A comprehensive security research project demonstrating Protocol Fuzzing (Black-Box Testing) techniques. This project implements custom fuzzers using the Boofuzz framework to detect critical vulnerabilities—such as Buffer Overflows and Logic Errors—in simulated FTP, DNS, and proprietary TCP servers.
The goal of this project is to simulate a realistic network environment containing vulnerable services and to develop automated attack tools (Fuzzers) capable of crashing them. Unlike standard functional testing, our Fuzzers send massive amounts of malformed and random data to edge cases, aiming to trigger unexpected behaviors.
We targeted three distinct server implementations:
- Vulnerable FTP Server (C) - Contains a Stack Buffer Overflow.
- Math Server (Python) - Contains a Logic Error (Division by Zero).
- Vulnerable DNS Server (C) - Contains a Heap Buffer Overflow (simulating CVE-2017-14491 found in Dnsmasq).
The project environment is containerized using Docker to isolate the vulnerable services and ensure reproducible crashes without harming the host machine.
| Service | Language | Port | Vulnerability Type | Description |
|---|---|---|---|---|
| FTP Server | C | 2121 |
Stack Buffer Overflow | Unsafe strcpy usage when handling the USER command. |
| Math Server | Python | 9090 |
Denial of Service (DoS) | Logic error failing to handle division by zero. |
| DNS Server | C | 5454 |
Heap Buffer Overflow | Miscalculated malloc size leading to memcpy overflow (CVE-2017-14491 simulation). |
- Docker & Docker Compose
- Python 3.x
- Boofuzz library (
pip install boofuzz)
-
Clone the repository:
git clone [https://github.com/your-username/Protocol_Fuzzer.git](https://github.com/your-username/Protocol_Fuzzer.git) cd Protocol_Fuzzer -
Build and Start the Vulnerable Environment: We use Docker to compile the C servers with specific flags (e.g.,
-fno-stack-protector,-z execstack) to make them exploitable for demonstration purposes.docker-compose up --build
This command will start all three vulnerable servers on their respective ports.
Each fuzzer is a standalone Python script designed to attack a specific protocol.
This fuzzer sends long strings to the USER command field.
python Fuzzer/ftp_fuzzer.pyExpected Result: The server crashes when receiving a username longer than 64 bytes. The fuzzer detects the socket disconnection, saves the crash packet, and the Docker container restarts.2. Attacking the Math Server (Logic Error) This fuzzer sends binary packets with random opcodes and operands.
python Fuzzer/math_fuzzer.pyExpected Result: The fuzzer eventually sends a "Division" opcode with 0 as the second operand. The server throws an unhandled ZeroDivisionError exception and terminates.
- Attacking the DNS Server (Heap Overflow / CVE-2017-14491) This fuzzer generates complex DNS UDP packets with varying domain name lengths.
python Fuzzer/dns_fuzzer.pyExpected Result: Sending a domain name exceeding the allocated buffer size (header + 128 bytes) triggers a Heap Buffer Overflow via memcpy. The AddressSanitizer (ASan) in the Docker container will report the memory violation and abort the server.
- The Bug: The server uses
strcpy(user, recvbuf + 5)to copy the input into a fixed 64-byte buffer without checking the length. - The Exploit: Sending >64 bytes overwrites the stack return address, crashing the program (and potentially allowing RCE in a real-world scenario).
- The Bug: The server performs
result = num_a // num_bblindly. - The Exploit: A packet with
num_b = 0causes a runtime exception that kills the server process immediately.
- The Bug: A simulation of a real vulnerability in Dnsmasq 2.75. The server calculates the response buffer size incorrectly:
int estimated_size = sizeof(struct DNS_HEADER) + 128; // Too small for long domains // ... memcpy(ptr, qname, qname_len); // Overflow occurs here
- The Exploit: The fuzzer constructs a valid DNS packet but extends the query name beyond the 128-byte safety margin, corrupting the heap metadata.
By using these fuzzing tools, we successfully:
- ✅ Automated the discovery of fatal crashes in all three servers.
- ✅ Generated crash reports and logs for analysis.
- ✅ Demonstrated the effectiveness of black-box testing in uncovering memory corruption and logic flaws that static analysis might miss.
This project is for educational purposes only. The vulnerabilities demonstrated here are intentional and exist within a controlled, isolated environment. Do not use these tools against targets without explicit permission.