Unit testing is a fundamental practice in software development and the goal is to create a test suite that tests the robustness of the software. It is challenging to create a test suite that covers every possible input to a system which can lead to security flaws not being detected. Fuzz testing is a technique that creates randomly generated, or fuzzy, input with the goal to uncover these areas of the input space potentially missed by the unit test suite. EtherNet/IP is an industrial communications protocol built on top of the TCP/IP suite. HMS Anybus develops hardware to use in secure networks in industrial settings utilizing the EtherNet/IP protocol. This report outlines the development of a Scapy-based fuzz testing tool capable of testing the implementation of the protocol on HMS devices. Additionally we propose a strategy for how the tool can be deployed in future testing. The resulting fuzz testing tool is capable of creating packets containing selected commands’ encapsulation headers and layering them with command specific data fields. These packets can be filled with static or fuzzy input depending on user configuration. The tool is implemented with the intention of providing HMS the capability for conducting fuzz testing. The report mentions multiple improvements that can be made using A.I. assisted generation of test cases and how the tool can be scaled in the future. This thesis project is a proof of concept that using Scapy to create a fuzz testing tool tailored to the EtherNet/IP protocol is possible.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:hh-53953 |
Date | January 2024 |
Creators | Köhler Djurberg, Markus, Heen, Isak |
Publisher | Högskolan i Halmstad, Akademin för informationsteknologi, Halmstad Högskola |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0014 seconds