Vulnerability mining method of SOAP based on black‐box fuzzing

Abstract

AbstractIn the span of over two decades since the dawn of the twenty‐first century, global Internet of Things security incidents have continued to break out. Currently, there remains no vulnerability mining method that can be seamlessly adapted to diverse test scenarios. In this paper, we proposed a simple object access protocol (SOAP) analysis and vulnerability detection method based on black‐box fuzzing, which is used to extract more information from the limited SOAP traffic and explore the vulnerabilities of some Internet of Things devices that communicate through SOAP or advanced protocols based on SOAP. We transformed SOAP protocol packets into abstract syntax trees (AST), using a more granular approach to extract the production and guide the mutation. Based on this algorithm, we propose an automatic black‐box fuzzer, termed SOAPFuzzer. When testing real camera devices from various manufacturers, 0‐day vulnerabilities were successfully found on different devices. At present, 0‐day vulnerabilities have been reported to the China National Vulnerability Database (CNVD), and vulnerability number CNVD‐2023‐43 801 and original vulnerability certificates have been obtained. In terms of packet reception rate, SOAPFuzzer is 10.7% and 12.4% higher than the current popular black‐box Fuzzer Boofuzz on the two camera devices, respectively.