1. 8

  2. 3

    The biggest issue with using Fuzzowski 5GC is that it needs the structure of the messages to be defined. Creating message definitions, sequences, and functionality to handle message sequences is a slow and manual process. The messages are generally created from Wireshark captures and therefore tend not to cover all parts of the protocol specification (e.g., optional elements).

    This gets particularly annoying when the protocol itself is hairy. There are protocols (BACnet, excuse me, f*cking BACnet, comes to mind) which are hairy enough that, on a first approximation, fuzzing them is not much easier than implementing them in the first place.

    1. 1

      Try fuzzing Wayland.