ITEA is the Eureka Cluster on software innovation
ITEA is the Eureka Cluster on software innovation
Please note that the ITEA Office will be closed from 25 December 2024 to 1 January 2025 inclusive.
ITEA 4 page header azure circular

Fuzz-Against-The-Machine (FATM) - MQTT-Fuzzer

Project
17005 SCRATCh
Description
  • Fuzzing is a suitable testing technique to enhance the security of MQTT applications
  • FATM was able to detect a Memory Leak inside Mosquitto MQTT Broker (CVE-2021-34431)
Contact
OTARIS
Email
office@otaris.de
Technical features

Input(s):

  • A textfile with Strings which serve as values for the generation of the MQTT packets
  • Log files

Main feature(s):

  • Generation, mutation and delivery of MQTT control packets, which have the potential to reveal programming flaws in MQTT brokers
  • Replay feature for log files that helps to analyse detected errors

Output(s):

  • Log files containing the hexadecimal representation of every sent packet
Integration constraints
  • FATM relies on the Python library Scapy for building MQTT packets
  • FATM is easily deployed on Linux
Targeted customer(s)

Developers and researchers working with MQTT applications.

Conditions for reuse

GPLv2 License

Confidentiality
Public
Publication date
18-03-2022
Involved partners
OTARIS Interactive Services GmbH (DEU)