close search bar

Sorry, not available in this language yet

close language selection
Defensics SDK Data Sheet
Test Suite:
Defensics SDK
Direction:
Not applicable

The Defensics Suite Development Kit (SDK) is a framework for creating custom model-based fuzzers that can be deployed just like our commercially available pre-built suites. The Defensics SDK was developed to support Defensics users who require more granular control of their test suite configurations, or who need to test applications or devices that employ uncommon, customized, or proprietary protocols and interfaces. With the Defensics SDK, you can develop test suites that fit your particular needs. You can create a custom model for the inputs that you wish to fuzz, control the delivery of test cases to a target, determine if a target has failed, and influence the flow of the fuzzer. The suite created using Defensics SDK generates test cases based on custom created BNF model and custom functional logic implemented in Java programming language. The same SDK API is used internally to create our commercially available pre-built suites, so it is well-maintained and very powerful.

Used specifications

Specification
Title
Notes
Any
Any
The Defensics SDK can be used to implement a custom test suite for any uncommon, customized, or proprietary protocol specifications.

Tool-specific information

Major supported features
Description
Protocol modeling using BNF

The SDK supports a custom BNF-style modeling language for defining a machine-readable representation of the tested protocol. Defensics uses the model to create outgoing messages and parse incoming messages. The model contains definitions for valid messages that can be used in valid message exchanges. Additionally, the model provides information that is used by Defensics fuzzing engine to generate the test cases.

Test case injection

Defensics suites deliver test cases to the SUT using an injector, which can implement a network transport protocol or a file injection. In addition to the built-in injectors found from the SDK API (see the full list of supported built-in injectors in a separate table), the API also supports implementing custom injectors.

Dynamic suite behaviour

Add dynamic behavior to message model structures by using rules. Built-in generic rules for length, checksum, padding, offset calculation, and the rest are available through the SDK API for ease of use (see the full list of supported built-in rules in a separate table). The API also allows users to create their own custom dynamic rules for protocol specific functionality.

Instrumentation

The custom test suites built using the Defensics SDK support the same instrumentation methods as our other commercially pre-built suites. In addition to those, custom instrumentation methods can be implemented with the SDK API.

SDK PCAP Import Wizard

The Defensics SDK license enables a PCAP import wizard which you can use to quickly kickstart the suite development by creating a custom test suite project template based on a PCAP file.

Message sequence files

The SDK supports sequence files as a method for defining message dialog between the SUT and the test suite. Sequence files allow modifying message contents easily without requiring to rebuild a test suite. Test suite can have multiple test sequences for testing different aspects of the target implementation.

User-configurable settings

The suite developer can create settings that are configurable by the suite end-user. The user-configurable settings can, for example, control the values required for the injector to connect to the SUT, like SUT host address and port.

SafeGuard checks

Enable and design custom Defensics SafeGuards that detect subtle vulnerabilities and errors in response messages, or use the built-in SafeGuards available through the API (see the full list of supported built-in SafeGuard checks in a separate table).

Custom test cases

The SDK API allows the suite developers to design their own custom test cases, in addition to the ones that are automatically generated by the Defensics fuzzing engine.

Unit testing framework

The SDK API contains utility (TestingUtility) for writing unit tests for the custom test suite.

Built-in injectors
Description
UDP injector

Inject test data as UDP payloads.

TCP injector

Inject test data as TCP payloads.

TLS injector

Inject test data as TLS payloads.

Ethernet injector

Inject test data as Ethernet frame payloads.

IPv4/IPv6 injector

Inject test data as IPv4 or IPv6 packet payloads.

SCTP injector

Inject test data as SCTP payloads. (Linux only)

File export injector

Inject test data as a file.

Bluetooth LE GATT injector

Inject test data as GATT payloads. (Linux only)

Bluetooth RFCOMM injector

Inject test data as RFCOMM payloads. (Linux only)

HTTP injector

Inject test data as HTTP message payloads.

WebSocket injector

Inject test data as WebSocket payloads.

Log-only injector

Log the test data only, no real injection. Used for debugging and demo purposes.

Custom injector

Used to implement test case delivery over communication channels that are not available as built-in injectors in Defensics SDK API.

Custom file injector

Inject test data as a file and deliver it using a custom output method.

Built-in dynamic rules
Description
Length rule

Used for calculating byte length over a model structure.

Type correlation rule

Used for creating type correlation between model parts.

Checksum calculation rule

Used for calculating checksum values over model structure.

Structure count rule

Used for calculating how many times certain model structure has been repeated.

Sequence number rule

Used for placing sequentially increasing number in model.

Distance offset rule

Used for calculating the distance between two model structures.

Byte padding rule

Used for creating padding for model structure if the padded structure is not multiple of chosen data length.

Byte order reversion rule

Used for reversing the byte order of model.

Byte alignment rule

Used for padding model structure to full octets.

Application layer rule

Used for injecting data into the model dynamically.

Fragmentation rule

Used for splitting a payload into multiple fragments when the payload length is large enough.

Layering rule

Used for creating another layer of exchanged messages inside messages sent and received by a real injector.

Hash calculation rules

Used for calculating cryptographic hash function over a model structure.

Base64 conversion rule

Used for doing Base64 encoding/decoding to model sections.

Random number rule

Used for placing random numbers to the model.

Copy rule

Used for copying and pasting values from one model location to another.

Expected value verification rule

Used for verifying that received model has expected value.

Time delay rule

Used for delaying the evaluation of model structures and rules.

Timestamp rule

Used for placing a timestamp based on current system time to the model.

Charset conversion rule

Used for converting string from one charset to another.

Integer conversion rule

Used for converting source model structure into another integer format.

IP address conversion rule

Used for converting source model structure containing IPv4 or IPv6 address in ASCII format into binary format.

MAC address conversion rule

Used for converting source model structure containing MAC address in ASCII format into binary format.

Status information rule

Used for creating status information to test run results.

Model hide rule

Used for marking parts of the model to not be interesting for the test case generator.

Evaluation postpone rule

Used for changing the evaluation order of model parts.

Custom rule

Used for creating custom dynamic functionality for the test suite.

Built-in SafeGuard checks
Description
Amplification SafeGuard

Used to check if the response payload from the SUT is larger than the sent payload.

Authentication Bypass SafeGuard

Used to check if the SUT allows the message sequence to continue after sending it malformed authentication information.

Certificate Validation SafeGuard

Used to check that the SUT uses certificates correctly.

Echobleed SafeGuard

Used to check if the SUT leaks sensitive information in response messages by echoing back the sent payload.

Information Leak SafeGuard

Used to check if the SUT leaks sensitive information in response messages, such as IP addresses, passwords, e-mail addresses or URIs.

Unexpected Return SafeGuard

Used to check whether the SUT responds with messages that contain overflows from earlier messages or with response messages that have increased length.

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis