Skip to content

Instantly share code, notes, and snippets.

@c7h
Created June 17, 2022 18:29
Show Gist options
  • Save c7h/e3f6822a3376d8cf8d24113aa623f403 to your computer and use it in GitHub Desktop.
Save c7h/e3f6822a3376d8cf8d24113aa623f403 to your computer and use it in GitHub Desktop.
RESTler generate combinations of fuzzing grammar for the NFDiscovery Endpoint.
"""
Generate custom grammar to fuzz Open5GC NFDiscovery
endpoint with a maximum of 13 parameters a a time
"""
import sys
imports = r"""
from __future__ import print_function
import json
from engine import primitives
from engine.core import requests
from engine.errors import ResponseParsingException
from engine import dependencies
req_collection = requests.RequestCollection([])
"""
pre = """
primitives.restler_static_string("GET "),
primitives.restler_static_string("/"),
primitives.restler_static_string("nnrf-disc"),
primitives.restler_static_string("/"),
primitives.restler_static_string("v1"),
primitives.restler_static_string("/"),
primitives.restler_static_string("nf-instances"),
primitives.restler_static_string("?"),
"""
footer = r"""
primitives.restler_static_string(" HTTP/1.1\r\n"),
primitives.restler_static_string("Accept: application/json\r\n"),
primitives.restler_static_string("Host: {apiRoot}\r\n"),
primitives.restler_static_string("Accept-Encoding: "),
primitives.restler_fuzzable_string("fuzzstring", quoted=False),
primitives.restler_static_string("\r\n"),
primitives.restler_static_string("If-None-Match: "),
primitives.restler_fuzzable_string("fuzzstring", quoted=False),
primitives.restler_static_string("\r\n"),
primitives.restler_refreshable_authentication_token("authentication_token_tag"),
primitives.restler_static_string("\r\n"),
"""
envelope = """
request = requests.Request([
{pre}
{mandatory}
{primitives}
{footer}
],
requestId="/nf-instances"
)
req_collection.add_request(request)
"""
mandatory = [
(
"""primitives.restler_static_string("target-nf-instance-id=")""",
"""primitives.restler_fuzzable_uuid4("566048da-ed19-4cd3-8e0a-b7e0e1ec4d72", quoted=False)"""
),
(
"""primitives.restler_static_string("target-nf-type=")""",
"""primitives.restler_fuzzable_group("target-nf-type", ['NRF','UDM','AMF','SMF','AUSF','NEF','PCF','SMSF','NSSF','UDR','LMF','GMLC','5G_EIR','SEPP','UPF','N3IWF','AF','UDSF','BSF','CHF','NWDAF','PCSCF','CBCF','HSS','UCMF','SOR_AF','SPAF','MME','SCSAS','SCEF','SCP','NSSAAF','ICSCF','SCSCF','DRA'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("target-nf-type=")""",
"""primitives.restler_fuzzable_group("target-nf-type", ['NRF','UDM','AMF','SMF','AUSF','NEF','PCF','SMSF','NSSF','UDR','LMF','GMLC','5G_EIR','SEPP','UPF','N3IWF','AF','UDSF','BSF','CHF','NWDAF','PCSCF','CBCF','HSS','UCMF','SOR_AF','SPAF','MME','SCSAS','SCEF','SCP','NSSAAF','ICSCF','SCSCF','DRA'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("requester-nf-type=")""",
"""primitives.restler_fuzzable_group("requester-nf-type", ['NRF','UDM','AMF','SMF','AUSF','NEF','PCF','SMSF','NSSF','UDR','LMF','GMLC','5G_EIR','SEPP','UPF','N3IWF','AF','UDSF','BSF','CHF','NWDAF','PCSCF','CBCF','HSS','UCMF','SOR_AF','SPAF','MME','SCSAS','SCEF','SCP','NSSAAF','ICSCF','SCSCF','DRA'] ,quoted=False)"""
),
]
# 2-tuple with (field, value) parts
optional_parameter = [
(
"""primitives.restler_static_string("requester-nf-instance-id=")""",
"""primitives.restler_fuzzable_uuid4("566048da-ed19-4cd3-8e0a-b7e0e1ec4d72", quoted=False)"""
),
(
"""primitives.restler_static_string("service-names=")""",
"""primitives.restler_fuzzable_group("", ['nnrf-nfm','nnrf-disc','nnrf-oauth2','nudm-sdm','nudm-uecm'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("requester-nf-instance-fqdn=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("target-plmn-list=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("requester-plmn-list=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("target-nf-fqdn=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("hnrf-uri=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("snssais=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("requester-snssais=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("plmn-specific-snssai-list=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("requester-plmn-specific-snssai-list=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("dnn=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("nsi-list=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("smf-serving-area=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("tai=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("amf-region-id=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("amf-set-id=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("guami=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("supi=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("ue-ipv4-address=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False, examples=["198.51.100.1"])"""
),
(
"""primitives.restler_static_string("ip-domain=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("ue-ipv6-prefix=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False, examples=["2001:db8:abcd:12::0/64"])"""
),
(
"""primitives.restler_static_string("pgw-ind=")""",
"""primitives.restler_fuzzable_bool("true")"""
),
(
"""primitives.restler_static_string("pgw=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("gpsi=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("external-group-identity=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("internal-group-identity=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("pfd-data=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("data-set=")""",
"""primitives.restler_fuzzable_group("data-set", ['SUBSCRIPTION','POLICY','EXPOSURE','APPLICATION'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("routing-indicator=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("group-id-list=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("dnai-list=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("pdu-session-types=")""",
"""primitives.restler_fuzzable_group("", ['IPV4','IPV6','IPV4V6','UNSTRUCTURED','ETHERNET'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("event-id-list=")""",
"""primitives.restler_fuzzable_group("", ['LOAD_LEVEL_INFORMATION','NETWORK_PERFORMANCE','NF_LOAD','SERVICE_EXPERIENCE','UE_MOBILITY','UE_COMMUNICATION','QOS_SUSTAINABILITY','ABNORMAL_BEHAVIOUR','USER_DATA_CONGESTION','NSI_LOAD_LEVEL'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("nwdaf-event-list=")""",
"""primitives.restler_fuzzable_group("", ['SLICE_LOAD_LEVEL','NETWORK_PERFORMANCE','NF_LOAD','SERVICE_EXPERIENCE','UE_MOBILITY','UE_COMMUNICATION','QOS_SUSTAINABILITY','ABNORMAL_BEHAVIOUR','USER_DATA_CONGESTION','NSI_LOAD_LEVEL'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("supported-features=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("upf-iwk-eps-ind=")""",
"""primitives.restler_fuzzable_bool("true")"""
),
(
"""primitives.restler_static_string("chf-supported-plmn=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("preferred-locality=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("access-type=")""",
"""primitives.restler_fuzzable_group("access-type", ['3GPP_ACCESS','NON_3GPP_ACCESS'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("limit=")""",
"""primitives.restler_fuzzable_int("1")"""
),
(
"""primitives.restler_static_string("required-features=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("complex-query=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("max-payload-size=")""",
"""primitives.restler_fuzzable_int("1")"""
),
(
"""primitives.restler_static_string("max-payload-size-ext=")""",
"""primitives.restler_fuzzable_int("1")"""
),
(
"""primitives.restler_static_string("atsss-capability=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("upf-ue-ip-addr-ind=")""",
"""primitives.restler_fuzzable_bool("true")"""
),
(
"""primitives.restler_static_string("client-type=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("lmf-id=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("an-node-type=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("rat-type=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("preferred-tai=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("preferred-nf-instances=")""",
"""primitives.restler_fuzzable_uuid4("566048da-ed19-4cd3-8e0a-b7e0e1ec4d72", quoted=False)"""
),
(
"""primitives.restler_static_string("target-snpn=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("requester-snpn-list=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("af-ee-data=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("w-agf-info=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("tngf-info=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("twif-info=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("target-nf-set-id=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("target-nf-service-set-id=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("nef-id=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("notification-type=")""",
"""primitives.restler_fuzzable_group("notification-type", ['N1_MESSAGES','N2_INFORMATION','LOCATION_NOTIFICATION','DATA_REMOVAL_NOTIFICATION','DATA_CHANGE_NOTIFICATION','LOCATION_UPDATE_NOTIFICATION','NSSAA_REAUTH_NOTIFICATION','NSSAA_REVOC_NOTIFICATION'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("n1-msg-class=")""",
"""primitives.restler_fuzzable_group("n1-msg-class", ['5GMM','SM','LPP','SMS','UPDP','LCS'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("n2-info-class=")""",
"""primitives.restler_fuzzable_group("n2-info-class", ['SM','NRPPa','PWS','PWS-BCAL','PWS-RF','RAN','V2X'] ,quoted=False)"""
),
(
"""primitives.restler_static_string("serving-scope=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("imsi=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("ims-private-identity=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("ims-public-identity=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("msisdn=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("preferred-api-versions=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("v2x-support-ind=")""",
"""primitives.restler_fuzzable_bool("true")"""
),
(
"""primitives.restler_static_string("redundant-gtpu=")""",
"""primitives.restler_fuzzable_bool("true")"""
),
(
"""primitives.restler_static_string("redundant-transport=")""",
"""primitives.restler_fuzzable_bool("true")"""
),
(
"""primitives.restler_static_string("ipups=")""",
"""primitives.restler_fuzzable_bool("true")"""
),
(
"""primitives.restler_static_string("scp-domain-list=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("address-domain=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("ipv4-addr=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False, examples=["198.51.100.1"])"""
),
(
"""primitives.restler_static_string("ipv6-prefix=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False, examples=["2001:db8:abcd:12::0/64"])"""
),
(
"""primitives.restler_static_string("served-nf-set-id=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("remote-plmn-id=")""",
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")"""
),
(
"""primitives.restler_static_string("data-forwarding=")""",
"""primitives.restler_fuzzable_bool("true")"""
),
(
"""primitives.restler_static_string("preferred-full-plmn=")""",
"""primitives.restler_fuzzable_bool("true")"""
),
(
"""primitives.restler_static_string("requester-features=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("realm-id=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("storage-id=")""",
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)"""
),
(
"""primitives.restler_static_string("vsmf-support-ind=")""",
"""primitives.restler_fuzzable_bool("true")"""
)
]
def render_parameter_list(plist: list) -> str:
output = ""
for i in plist:
field, value = i
output += field
output += ","
output += '\n'
output += value
output += ","
output += '\n'
# Series separator at the end
output += 'primitives.restler_static_string("&")'
output += ","
output += '\n'
output += '\n'
return output
def get_optional_parameter(parameter_per_request: int) -> str:
# include mandatory parameters
plist = optional_parameter[:parameter_per_request]
output = render_parameter_list(plist)
del optional_parameter[:parameter_per_request]
return output
def render_combinations(parameter_per_request: int):
optional_parameters = get_optional_parameter(parameter_per_request)
rendered_mandatory = render_parameter_list(mandatory)
rendered_grammar = envelope.format(pre=pre, mandatory=rendered_mandatory, primitives=optional_parameters, footer=footer)
sys.stdout.write(rendered_grammar)
if __name__ == '__main__':
sys.stdout.write(imports)
while optional_parameter:
render_combinations(3)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment