h3fuzz

Testing framework with integrated grammar- & mutation-based fuzzer designed to test HTTP/3 (reverse) proxies for non-compliance with RFC 9114.

https://github.com/pittgi/h3fuzz

Science Score: 57.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
    Found 2 DOI reference(s) in README
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (3.9%) to scientific vocabulary
Last synced: 10 months ago

Repository

Basic Info
  • Host: GitHub
  • Owner: pittgi
  • License: mit
  • Language: Python
  • Default Branch: main
  • Homepage:
  • Size: 48.8 KB
Statistics
  • Stars: 0
  • Watchers: 1
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Created about 1 year ago · Last pushed about 1 year ago
Metadata Files
Readme License Citation

README.md

h3fuzz

Testing framework with integrated grammar- & mutation-based fuzzer designed to test HTTP/3 (reverse) proxies for non-compliance with RFC 9114.

Testing Workflow

h3fuzz generates malformed HTTP/3 requests, sends them to (reverse) proxies and collects the forwarded messages for further analysis. We test for two kinds of RFC 9114 violations:

  1. Strong violations: A request was forwarded without altering the malicious payload that rendered the request malformed.
  2. Weak violations: A request was forwarded, but the malicious payload was removed (header sanitization).

The testing is done in two phases:

  1. Pisu et al.'s approach is applied as a sequence of static tests (https://doi.org/10.1109/NCA61908.2024.00026).
  2. A fuzzer generates additional random malformed requests.
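
The strong/weak distinction described above can be checked mechanically on what the backend receives. The following is an added example, not h3fuzz's own code: it assumes the backend captured each forwarded request as raw HTTP/1.1 bytes and that the malformed payload was a single header field; all function names and sample data are hypothetical and constructed.

```python
# Added illustration, not part of h3fuzz. Names and samples are constructed.
from __future__ import annotations
from collections import Counter

def parse_h1_headers(raw: bytes) -> list[tuple[bytes, bytes]]:
    """Split a raw HTTP/1.1 request head into (name, value) byte pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep:
            pairs.append((name, value.strip(b" \t")))
    return pairs

def classify(payload_name: bytes, payload_value: bytes,
             forwarded: bytes | None) -> str:
    """Classify one test. forwarded is None when nothing reached the
    backend before the timeout (the proxy rejected the request)."""
    if forwarded is None:
        return "rejected"
    for name, value in parse_h1_headers(forwarded):
        # HTTP/1.1 field names are case-insensitive; the value must match exactly.
        if name.lower() == payload_name.lower() and value == payload_value:
            return "strong"   # payload forwarded unaltered
    # Assumption: a payload that was rewritten rather than dropped also counts as weak.
    return "weak"             # forwarded, but the payload is gone

def tally(results: list[tuple[bytes, bytes, bytes | None]]) -> Counter:
    """Count outcomes over a batch of (name, value, forwarded) records."""
    return Counter(classify(n, v, f) for n, v, f in results)

# Constructed sample: a connection-specific field, which RFC 9114 section 4.2
# says renders an HTTP/3 request malformed, carrying a marker value.
PAYLOAD = (b"upgrade", b"demo-marker")
FORWARDED_INTACT = (b"GET / HTTP/1.1\r\nHost: backend.example\r\n"
                    b"Upgrade: demo-marker\r\n\r\n")
FORWARDED_SANITIZED = b"GET / HTTP/1.1\r\nHost: backend.example\r\n\r\n"
SAMPLES = [(*PAYLOAD, FORWARDED_INTACT),
           (*PAYLOAD, FORWARDED_SANITIZED),
           (*PAYLOAD, None)]

if __name__ == "__main__":
    print(dict(tally(SAMPLES)))
```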

How to

  1. Choose desired backend protocol version and run the desired backend server, e.g. python3 h1server.py
  2. Configure (reverse) proxy to accept self-signed certificates
  3. Run script as follows: python3 main.py https://<proxy-address>/ -g experiment.json -t <timeout-duration-in-sec> -n <number-of-fuzzes>

Owner

  • Login: pittgi
  • Kind: user
  • Location: Freiburg

CS Student, University of Freiburg

Citation (citation.cff)

cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
- family-names: "Gillessen"
  given-names: "Peter"
title: "h3fuzz"
version: 1.0.0
date-released: 2025-04-14
url: "https://github.com/pittgi/h3fuzz"

GitHub Events

Total
  • Push event: 5
  • Create event: 2
Last Year
  • Push event: 5
  • Create event: 2