Created
June 17, 2022 18:29
-
-
Save c7h/e3f6822a3376d8cf8d24113aa623f403 to your computer and use it in GitHub Desktop.
RESTler generate combinations of fuzzing grammar for the NFDiscovery Endpoint.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
Generate custom grammar to fuzz Open5GC NFDiscovery | |
endpoint with a maximum of 13 parameters a a time | |
""" | |
import sys | |
imports = r""" | |
from __future__ import print_function | |
import json | |
from engine import primitives | |
from engine.core import requests | |
from engine.errors import ResponseParsingException | |
from engine import dependencies | |
req_collection = requests.RequestCollection([]) | |
""" | |
pre = """ | |
primitives.restler_static_string("GET "), | |
primitives.restler_static_string("/"), | |
primitives.restler_static_string("nnrf-disc"), | |
primitives.restler_static_string("/"), | |
primitives.restler_static_string("v1"), | |
primitives.restler_static_string("/"), | |
primitives.restler_static_string("nf-instances"), | |
primitives.restler_static_string("?"), | |
""" | |
footer = r""" | |
primitives.restler_static_string(" HTTP/1.1\r\n"), | |
primitives.restler_static_string("Accept: application/json\r\n"), | |
primitives.restler_static_string("Host: {apiRoot}\r\n"), | |
primitives.restler_static_string("Accept-Encoding: "), | |
primitives.restler_fuzzable_string("fuzzstring", quoted=False), | |
primitives.restler_static_string("\r\n"), | |
primitives.restler_static_string("If-None-Match: "), | |
primitives.restler_fuzzable_string("fuzzstring", quoted=False), | |
primitives.restler_static_string("\r\n"), | |
primitives.restler_refreshable_authentication_token("authentication_token_tag"), | |
primitives.restler_static_string("\r\n"), | |
""" | |
envelope = """ | |
request = requests.Request([ | |
{pre} | |
{mandatory} | |
{primitives} | |
{footer} | |
], | |
requestId="/nf-instances" | |
) | |
req_collection.add_request(request) | |
""" | |
mandatory = [ | |
( | |
"""primitives.restler_static_string("target-nf-instance-id=")""", | |
"""primitives.restler_fuzzable_uuid4("566048da-ed19-4cd3-8e0a-b7e0e1ec4d72", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("target-nf-type=")""", | |
"""primitives.restler_fuzzable_group("target-nf-type", ['NRF','UDM','AMF','SMF','AUSF','NEF','PCF','SMSF','NSSF','UDR','LMF','GMLC','5G_EIR','SEPP','UPF','N3IWF','AF','UDSF','BSF','CHF','NWDAF','PCSCF','CBCF','HSS','UCMF','SOR_AF','SPAF','MME','SCSAS','SCEF','SCP','NSSAAF','ICSCF','SCSCF','DRA'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("target-nf-type=")""", | |
"""primitives.restler_fuzzable_group("target-nf-type", ['NRF','UDM','AMF','SMF','AUSF','NEF','PCF','SMSF','NSSF','UDR','LMF','GMLC','5G_EIR','SEPP','UPF','N3IWF','AF','UDSF','BSF','CHF','NWDAF','PCSCF','CBCF','HSS','UCMF','SOR_AF','SPAF','MME','SCSAS','SCEF','SCP','NSSAAF','ICSCF','SCSCF','DRA'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("requester-nf-type=")""", | |
"""primitives.restler_fuzzable_group("requester-nf-type", ['NRF','UDM','AMF','SMF','AUSF','NEF','PCF','SMSF','NSSF','UDR','LMF','GMLC','5G_EIR','SEPP','UPF','N3IWF','AF','UDSF','BSF','CHF','NWDAF','PCSCF','CBCF','HSS','UCMF','SOR_AF','SPAF','MME','SCSAS','SCEF','SCP','NSSAAF','ICSCF','SCSCF','DRA'] ,quoted=False)""" | |
), | |
] | |
# 2-tuple with (field, value) parts | |
optional_parameter = [ | |
( | |
"""primitives.restler_static_string("requester-nf-instance-id=")""", | |
"""primitives.restler_fuzzable_uuid4("566048da-ed19-4cd3-8e0a-b7e0e1ec4d72", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("service-names=")""", | |
"""primitives.restler_fuzzable_group("", ['nnrf-nfm','nnrf-disc','nnrf-oauth2','nudm-sdm','nudm-uecm'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("requester-nf-instance-fqdn=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("target-plmn-list=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("requester-plmn-list=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("target-nf-fqdn=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("hnrf-uri=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("snssais=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("requester-snssais=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("plmn-specific-snssai-list=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("requester-plmn-specific-snssai-list=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("dnn=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("nsi-list=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("smf-serving-area=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("tai=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("amf-region-id=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("amf-set-id=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("guami=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("supi=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("ue-ipv4-address=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False, examples=["198.51.100.1"])""" | |
), | |
( | |
"""primitives.restler_static_string("ip-domain=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("ue-ipv6-prefix=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False, examples=["2001:db8:abcd:12::0/64"])""" | |
), | |
( | |
"""primitives.restler_static_string("pgw-ind=")""", | |
"""primitives.restler_fuzzable_bool("true")""" | |
), | |
( | |
"""primitives.restler_static_string("pgw=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("gpsi=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("external-group-identity=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("internal-group-identity=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("pfd-data=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("data-set=")""", | |
"""primitives.restler_fuzzable_group("data-set", ['SUBSCRIPTION','POLICY','EXPOSURE','APPLICATION'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("routing-indicator=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("group-id-list=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("dnai-list=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("pdu-session-types=")""", | |
"""primitives.restler_fuzzable_group("", ['IPV4','IPV6','IPV4V6','UNSTRUCTURED','ETHERNET'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("event-id-list=")""", | |
"""primitives.restler_fuzzable_group("", ['LOAD_LEVEL_INFORMATION','NETWORK_PERFORMANCE','NF_LOAD','SERVICE_EXPERIENCE','UE_MOBILITY','UE_COMMUNICATION','QOS_SUSTAINABILITY','ABNORMAL_BEHAVIOUR','USER_DATA_CONGESTION','NSI_LOAD_LEVEL'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("nwdaf-event-list=")""", | |
"""primitives.restler_fuzzable_group("", ['SLICE_LOAD_LEVEL','NETWORK_PERFORMANCE','NF_LOAD','SERVICE_EXPERIENCE','UE_MOBILITY','UE_COMMUNICATION','QOS_SUSTAINABILITY','ABNORMAL_BEHAVIOUR','USER_DATA_CONGESTION','NSI_LOAD_LEVEL'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("supported-features=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("upf-iwk-eps-ind=")""", | |
"""primitives.restler_fuzzable_bool("true")""" | |
), | |
( | |
"""primitives.restler_static_string("chf-supported-plmn=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("preferred-locality=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("access-type=")""", | |
"""primitives.restler_fuzzable_group("access-type", ['3GPP_ACCESS','NON_3GPP_ACCESS'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("limit=")""", | |
"""primitives.restler_fuzzable_int("1")""" | |
), | |
( | |
"""primitives.restler_static_string("required-features=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("complex-query=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("max-payload-size=")""", | |
"""primitives.restler_fuzzable_int("1")""" | |
), | |
( | |
"""primitives.restler_static_string("max-payload-size-ext=")""", | |
"""primitives.restler_fuzzable_int("1")""" | |
), | |
( | |
"""primitives.restler_static_string("atsss-capability=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("upf-ue-ip-addr-ind=")""", | |
"""primitives.restler_fuzzable_bool("true")""" | |
), | |
( | |
"""primitives.restler_static_string("client-type=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("lmf-id=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("an-node-type=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("rat-type=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("preferred-tai=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("preferred-nf-instances=")""", | |
"""primitives.restler_fuzzable_uuid4("566048da-ed19-4cd3-8e0a-b7e0e1ec4d72", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("target-snpn=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("requester-snpn-list=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("af-ee-data=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("w-agf-info=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("tngf-info=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("twif-info=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("target-nf-set-id=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("target-nf-service-set-id=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("nef-id=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("notification-type=")""", | |
"""primitives.restler_fuzzable_group("notification-type", ['N1_MESSAGES','N2_INFORMATION','LOCATION_NOTIFICATION','DATA_REMOVAL_NOTIFICATION','DATA_CHANGE_NOTIFICATION','LOCATION_UPDATE_NOTIFICATION','NSSAA_REAUTH_NOTIFICATION','NSSAA_REVOC_NOTIFICATION'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("n1-msg-class=")""", | |
"""primitives.restler_fuzzable_group("n1-msg-class", ['5GMM','SM','LPP','SMS','UPDP','LCS'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("n2-info-class=")""", | |
"""primitives.restler_fuzzable_group("n2-info-class", ['SM','NRPPa','PWS','PWS-BCAL','PWS-RF','RAN','V2X'] ,quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("serving-scope=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("imsi=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("ims-private-identity=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("ims-public-identity=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("msisdn=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("preferred-api-versions=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("v2x-support-ind=")""", | |
"""primitives.restler_fuzzable_bool("true")""" | |
), | |
( | |
"""primitives.restler_static_string("redundant-gtpu=")""", | |
"""primitives.restler_fuzzable_bool("true")""" | |
), | |
( | |
"""primitives.restler_static_string("redundant-transport=")""", | |
"""primitives.restler_fuzzable_bool("true")""" | |
), | |
( | |
"""primitives.restler_static_string("ipups=")""", | |
"""primitives.restler_fuzzable_bool("true")""" | |
), | |
( | |
"""primitives.restler_static_string("scp-domain-list=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("address-domain=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("ipv4-addr=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False, examples=["198.51.100.1"])""" | |
), | |
( | |
"""primitives.restler_static_string("ipv6-prefix=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False, examples=["2001:db8:abcd:12::0/64"])""" | |
), | |
( | |
"""primitives.restler_static_string("served-nf-set-id=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("remote-plmn-id=")""", | |
r"""primitives.restler_fuzzable_object("{ \"fuzz\": false }")""" | |
), | |
( | |
"""primitives.restler_static_string("data-forwarding=")""", | |
"""primitives.restler_fuzzable_bool("true")""" | |
), | |
( | |
"""primitives.restler_static_string("preferred-full-plmn=")""", | |
"""primitives.restler_fuzzable_bool("true")""" | |
), | |
( | |
"""primitives.restler_static_string("requester-features=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("realm-id=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("storage-id=")""", | |
"""primitives.restler_fuzzable_string("fuzzstring", quoted=False)""" | |
), | |
( | |
"""primitives.restler_static_string("vsmf-support-ind=")""", | |
"""primitives.restler_fuzzable_bool("true")""" | |
) | |
] | |
def render_parameter_list(plist: list) -> str: | |
output = "" | |
for i in plist: | |
field, value = i | |
output += field | |
output += "," | |
output += '\n' | |
output += value | |
output += "," | |
output += '\n' | |
# Series separator at the end | |
output += 'primitives.restler_static_string("&")' | |
output += "," | |
output += '\n' | |
output += '\n' | |
return output | |
def get_optional_parameter(parameter_per_request: int) -> str: | |
# include mandatory parameters | |
plist = optional_parameter[:parameter_per_request] | |
output = render_parameter_list(plist) | |
del optional_parameter[:parameter_per_request] | |
return output | |
def render_combinations(parameter_per_request: int): | |
optional_parameters = get_optional_parameter(parameter_per_request) | |
rendered_mandatory = render_parameter_list(mandatory) | |
rendered_grammar = envelope.format(pre=pre, mandatory=rendered_mandatory, primitives=optional_parameters, footer=footer) | |
sys.stdout.write(rendered_grammar) | |
if __name__ == '__main__': | |
sys.stdout.write(imports) | |
while optional_parameter: | |
render_combinations(3) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment