| Internet has been fully integrated into people's daily life in current time. At the same time, network security issues in Internet are also making more and more people pay attention. The main reason of these problem is that at the beginning of design, designers did not consider the security of the TCP/IP protocol. IPsec protocol is an important solution to IP communications security, and many large manufacturers have also launched IPSec products. The realization of these IPSec products directly affects the network's stability and expansibility. Therefore, it is important and necessary to test and exploit possible vulnerabilities in IPSec products. The method of mining vulnerabilities through Fuzz test has been widely used in the industry.This thesis studied the application methods of vulnerability mining of using Peach framework, which is a fuzz testing tool, for IKE protocol,AH protocol and ESP protocol of IPSec protocol. The thesis makes Peach support Fuzz test for IKE protocol based on pre-shared key authentication and signature authentication, AH protocol and ESP protocol through extending of the Peach receive message module,adding mutator module based on Frankencert and establishing IPSec Publisher,etc.The thesis improved Peach on Fuzz test for IPSec protocol,specificly included: Analyzing the structure of the IPSec protocol in detail. Extending receiving message module in Peach and related functions in Peach Pit according to the feature of IPSec protocol. Adding mutator module based on Frankencert. Establishing IPSec Publisher based cryptography. Finishing the corresponding Peach Pits in the deep understanding of IPSec protocol. And using extended Peach framework for fuzz test and vulnerability mining on IPSec service systems. |
PDF Full Text Request