
Design And Realization Of IPCam Fuzzy Test Automation Framework

Posted on: 2022-07-11
Degree: Master
Type: Thesis
Country: China
Candidate: F Zhang
Full Text: PDF
GTID: 2518306350491824
Subject: Master of Engineering
Abstract/Summary:
In recent years, IoT-related technologies have developed rapidly, and IoT products have been updated and iterated continuously. Among them, Internet of Things devices represented by network cameras, or IP cameras (IPCam), are widely used. IPCams are used for surveillance and security in places such as homes, shopping malls, schools and hospitals, and are closely tied to people's lives. Frequent leaks of private information and botnet attacks have followed, the result of attackers exploiting vulnerabilities in the IPCams themselves. It is therefore necessary to find the vulnerabilities in existing IPCam equipment and report them to the manufacturer so that they can be fixed in time, reducing the chance that they are exploited. Fuzz testing is a mature and reliable black-box testing method that feeds a large amount of unexpected data to an application as input in order to discover possible security flaws or vulnerabilities in the program. Vulnerability mining at the firmware level suffers from the difficulty of obtaining firmware and the complexity of the data acquisition channels in firmware. This paper therefore applies fuzz-test vulnerability mining to the RTSP service that is characteristic of IPCams. It designs a framework for fuzz testing automation consisting of an IPCam detection module, a weak password vulnerability verification module, a data acquisition module, a data processing module, a Boofuzz module and a vulnerability verification module, and implements the functions of each module. The framework can discover IPCam devices on the same local area network and export their device name, manufacturer, MAC address, IP address and other information. The process of logging in to the IPCam management page is recorded with the Selenium IDE plug-in in the Chrome browser and imported into a Python program, where the relevant parameters are modified and a weak password set is called to simulate the user login operation and verify whether a weak password vulnerability exists. The data acquisition and processing modules mainly implement duplicate handling of RTSP protocol packets and, combined with the RTSP protocol state diagram, generate test cases for Boofuzz fuzz testing. Boofuzz fuzzes with these test cases while its agent monitoring module monitors the program and records abnormal test cases in log files. The vulnerability verification module replays the abnormal test cases and then consults the CVE and CNNVD vulnerability databases to confirm whether the vulnerability exists. Four IPCams, namely HIKVISION EZVIZ C1 HC, Dahua TP6C, TP-LINK IPC20 and C14, were tested as targets. The results show that the TP-LINK IPC20 device has a weak password vulnerability, with the user name "admin" and an empty password. The Boofuzz tool spent about 83 hours in total on fuzz testing of the RTSP protocol and turned up 8 abnormalities in total. Replay confirmed that two buffer overflow vulnerabilities were found in the Dahua TP6C IPCam device.
Keywords/Search Tags:IPCam, fuzzing testing, Boofuzz, RTSP