The Defensics Suite Development Kit (SDK) is a framework for creating custom model-based fuzzers that can be deployed just like our commercially available pre-built suites. The Defensics SDK was developed to support Defensics users who require more granular control of their test suite configurations, or who need to test applications or devices that employ uncommon, customized, or proprietary protocols and interfaces. With the Defensics SDK, you can develop test suites that fit your particular needs. You can create a custom model for the inputs that you wish to fuzz, control the delivery of test cases to a target, determine if a target has failed, and influence the flow of the fuzzer. A suite created using the Defensics SDK generates test cases based on a custom-created BNF model and custom functional logic implemented in the Java programming language. The same SDK API is used internally to create our commercially available pre-built suites, so it is well-maintained and very powerful.
The SDK supports a custom BNF-style modeling language for defining a machine-readable representation of the tested protocol. Defensics uses the model to create outgoing messages and parse incoming messages. The model contains definitions for valid messages that can be used in valid message exchanges. Additionally, the model provides information that is used by the Defensics fuzzing engine to generate the test cases.
Defensics suites deliver test cases to the SUT using an injector, which can implement a network transport protocol or a file injection. In addition to the built-in injectors found in the SDK API (see the full list of supported built-in injectors in a separate table), the API also supports implementing custom injectors.
Add dynamic behavior to message model structures by using rules. Built-in generic rules for length, checksum, padding, offset calculation, and more are available through the SDK API for ease of use (see the full list of supported built-in rules in a separate table). The API also allows users to create their own custom dynamic rules for protocol-specific functionality.
The custom test suites built using the Defensics SDK support the same instrumentation methods as our other commercially pre-built suites. In addition to those, custom instrumentation methods can be implemented with the SDK API.
The Defensics SDK license enables a PCAP import wizard which you can use to quickly kickstart the suite development by creating a custom test suite project template based on a PCAP file.
The SDK supports sequence files as a method for defining the message dialog between the SUT and the test suite. Sequence files make it easy to modify message contents without rebuilding the test suite. A test suite can have multiple test sequences for testing different aspects of the target implementation.
The suite developer can create settings that are configurable by the suite end-user. The user-configurable settings can, for example, control the values required for the injector to connect to the SUT, like SUT host address and port.
Enable and design custom Defensics SafeGuards that detect subtle vulnerabilities and errors in response messages, or use the built-in SafeGuards available through the API (see the full list of supported built-in SafeGuard checks in a separate table).
The SDK API allows the suite developers to design their own custom test cases, in addition to the ones that are automatically generated by the Defensics fuzzing engine.
The SDK API contains a utility (TestingUtility) for writing unit tests for the custom test suite.
Inject test data as UDP payloads.
Inject test data as TCP payloads.
Inject test data as TLS payloads.
Inject test data as Ethernet frame payloads.
Inject test data as IPv4 or IPv6 packet payloads.
Inject test data as SCTP payloads. (Linux only)
Inject test data as a file.
Inject test data as GATT payloads. (Linux only)
Inject test data as RFCOMM payloads. (Linux only)
Inject test data as HTTP message payloads.
Inject test data as WebSocket payloads.
Log the test data only, no real injection. Used for debugging and demo purposes.
Used to implement test case delivery over communication channels that are not available as built-in injectors in the Defensics SDK API.
Inject test data as a file and deliver it using a custom output method.
Used for calculating byte length over a model structure.
Used for creating type correlation between model parts.
Used for calculating checksum values over a model structure.
Used for calculating how many times a certain model structure has been repeated.
Used for placing a sequentially increasing number in the model.
Used for calculating the distance between two model structures.
Used for creating padding for a model structure if the padded structure is not a multiple of the chosen data length.
Used for reversing the byte order of the model.
Used for padding a model structure to full octets.
Used for injecting data into the model dynamically.
Used for splitting a payload into multiple fragments when the payload length is large enough.
Used for creating another layer of exchanged messages inside messages sent and received by a real injector.
Used for calculating a cryptographic hash function over a model structure.
Used for Base64 encoding/decoding of model sections.
Used for placing random numbers in the model.
Used for copying and pasting values from one model location to another.
Used for verifying that the received model has the expected value.
Used for delaying the evaluation of model structures and rules.
Used for placing a timestamp based on the current system time in the model.
Used for converting a string from one charset to another.
Used for converting a source model structure into another integer format.
Used for converting a source model structure containing an IPv4 or IPv6 address in ASCII format into binary format.
Used for converting a source model structure containing a MAC address in ASCII format into binary format.
Used for creating status information to test run results.
Used for marking parts of the model as not interesting for the test case generator.
Used for changing the evaluation order of model parts.
Used for creating custom dynamic functionality for the test suite.
Used to check if the response payload from the SUT is larger than the sent payload.
Used to check if the SUT allows the message sequence to continue after sending it malformed authentication information.
Used to check that the SUT uses certificates correctly.
Used to check if the SUT leaks sensitive information in response messages by echoing back the sent payload.
Used to check if the SUT leaks sensitive information in response messages, such as IP addresses, passwords, e-mail addresses or URIs.
Used to check whether the SUT responds with messages that contain overflows from earlier messages or with response messages that have increased length.