Fuzzing Requests And Responses Using A Proxy

US 20070203973A1
Filed: 02/28/2006
Published: 08/30/2007
Est. Priority Date: 02/28/2006
Status: Abandoned Application

First Claim

Patent Images

1. A System comprising:

at least one server including a server application;

at least one proxy adapted to communicate message traffic between at least one client and the server, wherein the at least one proxy is adapted to;

store at least one template resulting from the message traffic into a data store;

fuzz at least one request that is selected from the template; and

send the fuzzed request to the server as a test case; and

wherein the server is adapted to process the fuzzed request using the server application, and wherein the server includes at least one server status reporting component that is adapted to receive data representing at least one event that results from processing of a fuzzed request on the server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for fuzzing requests and responses using a proxy includes a client that may include a client application, a server that may include a server application, and a proxy coupled between the client and the server. The proxy communicates message traffic between the client and the server related to testing the client application or the server application. The proxy is adapted to store a template resulting from the message traffic into a data store to facilitate later fuzzing of requests or responses contained in the message traffic. A user interface for presenting events resulting from the fuzzing is also described.

62 Citations

View as Search Results

20 Claims

1. A System comprising:
- at least one server including a server application;
  
  at least one proxy adapted to communicate message traffic between at least one client and the server, wherein the at least one proxy is adapted to;
  
  store at least one template resulting from the message traffic into a data store;
  
  fuzz at least one request that is selected from the template; and
  
  send the fuzzed request to the server as a test case; and
  
  wherein the server is adapted to process the fuzzed request using the server application, and wherein the server includes at least one server status reporting component that is adapted to receive data representing at least one event that results from processing of a fuzzed request on the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, further comprising the client, and wherein the client includes a traffic replay component that is adapted to receive the template, to select the request from the template, and to present the request to the proxy.
  - 3. The system of claim 1, wherein the proxy is adapted to log the request and the fuzzed request into the data store.
  - 4. The system of claim 1, wherein the server and the proxy are implemented on one machine.
  - 5. The system of claim 2, wherein the server, the client, and the proxy are implemented on separate respective machines.
  - 6. The system of claim 1, wherein the server includes a server monitoring component that is coupled to communicate with the server status reporting component, and is adapted to receive at least one report corresponding to the event.
  - 7. The system of claim 1, wherein the proxy includes a proxy debugging component that is coupled to receive at least one report of at least one event that occurs on the server as a result of the server processing at least one fuzzed request.
  - 8. The system of claim 7, wherein the proxy includes a proxy logging component that is adapted to store details relating to the event in the data store, and to associate the event at least with the fuzzed request.

9. A system comprising:
- at least one client including a client application;
  
  at least one proxy adapted to communicate message traffic between at least one server and the client, wherein the at least one proxy is adapted to;
  
  store at least one template resulting from the message traffic into a data store;
  
  fuzz at least one response that is selected from the template; and
  
  send the fuzzed response to the client as a test case; and
  
  wherein the client is adapted to process the fuzzed response using the client application, and wherein the client includes at least one client status reporting component that is adapted to receive data representing at least one event that results from processing a fuzzed response on the client.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, further comprising the server, and wherein the server includes a traffic replay component that is adapted to receive the template, to select at least one response from the template, and to present the response to the proxy.
  - 11. The system of claim 9, wherein the proxy is adapted to log the response and the fuzzed response into the data store.
  - 12. The system of claim 10, wherein the server, the client, and the proxy are implemented on separate respective machines.
  - 13. The system of claim 9, wherein the server and the proxy are implemented on one machine.
  - 14. The system of claim 9, wherein the client includes a client monitoring component that is coupled to communicate with the client status monitoring component, and is adapted to receive at least one report corresponding to the event.
  - 15. The system of claim 9, wherein the proxy includes a proxy debugging component that is coupled to receive at least one report of at least one event that occurs on the client as a result of the client processing at least one fuzzed response.
  - 16. The system of claim 15, wherein the proxy includes a proxy logging component that is adapted to store details relating to the event in the data store, and to associate the event at least with the fuzzed response.

17. A user interface presented by a computer-based system, the user interface comprising:
- an area adapted to present information relating to events that are correlated with fuzzed requests that are submitted to a server application under test, or correlated with fuzzed responses that are submitted to a client application under test.
- View Dependent Claims (18, 19, 20)
- - 18. The user interface of claim 17, wherein the first area is responsive to input from a tester to select at least one of the events, and further comprising at least a second area that is adapted to present additional information related to the selected event.
  - 19. The user interface of claim 17, further comprising a tool enabling the tester to specify whether the first area is to display at least one of requests, responses, pre-edit events, and post-edit events, and further comprising a tool enabling the tester to replay at least one selected event against a server or a client.
  - 20. The user interface of claim 17, wherein the first area is adapted to enable the tester to select a sequence of events, and further comprising at least a third area that is adapted to display additional details relating to the events.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Medvedev, Ivan, Sultan, Hassan, Abouchaev, Adel, Myrvold, Alan, Landauer, Lawrence, Oehlert, Peter, Ricker, Daniel, Gallagher, Thomas

Application Number

US11/276,454
Publication Number

US 20070203973A1
Time in Patent Office

Days
Field of Search
US Class Current

709/203
CPC Class Codes

H04L 41/16   using machine learning or a...

H04L 41/22   comprising specially adapte...

H04L 43/50   Testing arrangements

Fuzzing Requests And Responses Using A Proxy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Fuzzing Requests And Responses Using A Proxy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links