ITEA is the Eureka Cluster on software innovation

Fuzz-Against-The-Machine (FATM) - MQTT-Fuzzer

Project
17005 SCRATCh
Description
  • Fuzzing is a suitable testing technique to enhance the security of MQTT applications
  • FATM was able to detect a memory leak in the Mosquitto MQTT broker (CVE-2021-34431)
Contact
OTARIS
Email
office@otaris.de
Technical features

Input(s):

  • A text file with strings that serve as values for generating the MQTT packets
  • Log files

Main feature(s):

  • Generation, mutation and delivery of MQTT control packets, which have the potential to reveal programming flaws in MQTT brokers
  • Replay feature for log files that helps to analyse detected errors

Output(s):

  • Log files containing the hexadecimal representation of every sent packet
Integration constraints
  • FATM relies on the Python library Scapy for building MQTT packets
  • FATM is easily deployed on Linux
Targeted customer(s)

Developers and researchers working with MQTT applications.

Conditions for reuse

GPLv2 License

Confidentiality
Public
Publication date
18-03-2022
Involved partners
OTARIS Interactive Services GmbH (DEU)