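College: College of Electrical Engineering and Computer Science: Graduate Institute of Electrical Engineering
Advisor: 雷欽隆
Author: 王漢祺 (Wang, Han-Chi)
Dates: 2017-03-06; 2018-07-06; 2016
URI: http://ntur.lib.ntu.edu.tw//handle/246246/276324

Abstract (translated from Chinese):

In recent years, the rapid development and widespread use of the Internet and of websites have made website security an important issue for both developers and users. HTML5 and HTTP/2 are the latest versions of the HTML and HTTP protocols and are increasingly used to build modern websites. However, there are currently not enough tools to effectively test for the security weaknesses hidden in websites that use HTML5 and HTTP/2.

Based on this, we implemented a framework that applies fuzz testing to check websites. In this framework, we find all accessible web pages, analyze each page, and identify the entry points through which attacks can be sent to the web server. To generate test data, we implemented two algorithms: one mutates inputs according to the constraints specified by HTML5, and the other treats a finite state machine as a graph, extracts various paths from the graph, and uses those paths to generate test data. For HTTP/2, we adopt the same process and architecture; for test data, our fuzzing framework modifies the HEADERS packets in the HTTP/2 communication to check whether the server correctly validates and responds to our attack packets. For both kinds of testing, we designed an algorithm that collects and organizes the test results so that testers can review them afterwards. According to our implementation results, our framework can test a website before its official release and identify problematic pages.

Abstract (English):

Web security has become a significant issue for web service providers and users due to the rapid development of web technologies. Recently, HTML5 and HTTP/2 have been widely used in establishing modern websites; however, there are still few applications or tools for detecting potential vulnerabilities of these websites. In this paper, we design a fuzzing framework to investigate possible vulnerabilities in the newly defined input types in HTML5. Our framework traverses all accessible web pages in a website and analyzes each page to find entries for injecting our attacking test cases. We design a finite-state-machine-based algorithm to generate test cases for fuzzing. We treat the finite state machines as graphs and extract paths from them to generate test patterns. This method can be used not only on HTML5 but on any input data that can be represented as regular expressions. Additionally, we propose a fuzzing tool for the HTTP/2 protocol which tests the target server by modifying the HEADERS packet in HTTP/2 communication. For both fuzzers, we present a result aggregation algorithm to offload the effort of examining results. From our implementation, we are able to test the architecture of a website and scan its vulnerabilities before its official operation.

File size: 2707254 bytes
Format: application/pdf
Thesis release date: 2016/8/24
Thesis usage rights: paid licensing agreed (royalties returned to the school)
Keywords: fuzz testing; website testing; web testing; HTML5; HTTP/2; finite state machine; test data generation; test case generation
Title: 基於有限狀態機之模式產生器應用於網站模糊測試之框架 (A Framework for Fuzzing Website using Finite State Machine Based Pattern Generator)
Type: thesis
DOI: 10.6342/NTU201601391
Full text: http://ntur.lib.ntu.edu.tw/bitstream/246246/276324/1/ntu-105-R03921042-1.pdf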