Please note that the ITEA Office will be closed from 25 December 2024 to 1 January 2025 inclusive.
Fuzz-Against-The-Machine (FATM) - MQTT-Fuzzer
- Project
- 17005 SCRATCh
- Description
- Fuzzing is a suitable testing technique to enhance the security of MQTT applications
- FATM was able to detect a Memory Leak inside Mosquitto MQTT Broker (CVE-2021-34431)
- Contact
- OTARIS
- office@otaris.de
- Technical features
Input(s):
- A textfile with Strings which serve as values for the generation of the MQTT packets
- Log files
Main feature(s):
- Generation, mutation and delivery of MQTT control packets, which have the potential to reveal programming flaws in MQTT brokers
- Replay feature for log files that helps to analyse detected errors
Output(s):
- Log files containing the hexadecimal representation of every sent packet
- Integration constraints
- FATM relies on the Python library Scapy for building MQTT packets
- FATM is easily deployed on Linux
- Targeted customer(s)
Developers and researchers working with MQTT applications.
- Conditions for reuse
GPLv2 License
- Confidentiality
- Public
- Publication date
- 18-03-2022
- Involved partners
- OTARIS Interactive Services GmbH (DEU)