Full metadata record
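| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | 劉歡 | en_US |
| dc.contributor.author | Liu, Huan | en_US |
| dc.contributor.author | 黃世昆 | en_US |
| dc.contributor.author | Huang, Shih-Kun | en_US |
| dc.date.accessioned | 2014-12-12T02:34:45Z | - |
| dc.date.available | 2014-12-12T02:34:45Z | - |
| dc.date.issued | 2012 | en_US |
| dc.identifier.uri | http://140.113.39.130/cdrfb3/record/nctu/#GT070156044 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11536/72392 | - |
| dc.description.abstract | From the perspective of penetration testing, this thesis proposes a cross-platform web application testing and attack system that can automatically generate attack strings for a target web application, achieving the effect of a penetration test. The system obtains the URLs to be tested through a web crawler and inserts symbolic variables into HTTP requests to record the path constraints encountered during execution, thereby performing exploit generation against existing web applications. The approach is built on S2E, a symbolic execution environment based on QEMU. Because the running time of symbolic execution grows exponentially, the system uses single-path symbolic execution to obtain the path constraints in order to improve efficiency. Several open-source applications have been tested so far, and the corresponding attack strings were generated successfully. | zh_TW |
| dc.description.abstract | This thesis proposed a generic web application testing and attack generation framework. This system can automatically generate attack strings for the target system, just like a penetration test. This system uses a web crawler to explore URLs and generate HTTP requests. Each test sends symbolic variables to the target server in order to record path constraints. It can solve the constraints of an exploit from those gathered paths. This system is based on S2E, a symbolic execution environment based on QEMU. In order to improve the efficiency of symbolic execution, this system uses single-path concolic execution to generate web application exploits. Finally, we have applied this system to several known vulnerabilities in open source web applications, and generated the corresponding exploits successfully. | en_US |
| dc.language.iso | zh_TW | en_US |
| dc.subject | Symbolic execution | zh_TW |
| dc.subject | Network security | zh_TW |
| dc.subject | Automation | zh_TW |
| dc.subject | Symbolic Execution | en_US |
| dc.subject | Web Security | en_US |
| dc.subject | Automatic | en_US |
| dc.title | A Cross-Platform Web Application Testing and Attack Generation System | zh_TW |
| dc.title | A Generic Web Application Testing and Attack Generation Framework | en_US |
| dc.type | Thesis | en_US |
| dc.contributor.department | Institute of Computer Science and Engineering | zh_TW |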
Appears in Collections: Thesis


Files in This Item:

  1. 604401.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.