Project Setup (Java gRPC Application)

How to Set Up a Java-grpc Application Project for Fuzzing

Compile Application Protocol Buffers

An essential step in setting up fuzzing for Java-gRPC applications is to compile the application's Protocol Buffer files. Protocol Buffers (protobufs) are the most commonly used Interface Definition Language for gRPC applications, so fuzzing of Java-gRPC applications targets the mutation and transmission of protobuf messages. For that reason, the protobuf definitions are used to generate stubs that can be called by the fuzzer and used to mutate the application's input data. The protobuf description files (.proto) of the target application can be compiled with ci-protoc from Code Intelligence:

ci-protoc STUB_OUT_PATH PROTOC_ARGS...

STUB_OUT_PATH is the name of the shared object file that the CI-daemon uses afterwards to generate reasonable gRPC input data for the target application.

Protocol Buffer Field Hints

Some applications have authorization or authentication in place that requires fixed values to be set in the protobuf messages sent by client applications. For example, if a Java-gRPC target service expects an access token called "letmein", the following ci-protoc command can be used to generate a stub .so that covers authorized messages during fuzzing.

ci-protoc libproto_stub.so -Iproto proto/target_service.proto --field_hint=access_token=let_me_in

Field hints are used as hints during fuzzing: the fuzzer still fuzzes the access_token field, but sometimes substitutes the configured hint value in order to additionally cover authorized code paths.
Hint: It is possible to set multiple hint values for the same field where this is reasonable, for example to cover different authorization levels of an application.
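To make the effect of field hints concrete, here is a small added simulation (not ci-protoc's or CI Fuzz's own code): a stand-in for an authenticating Java-gRPC handler, a mutator that fuzzes the access_token field but sometimes substitutes a hinted value, and a campaign runner that counts which handler outcomes were reached. "let_me_in" is taken from the ci-protoc example above; the second token "reviewer_token" and the "action" field are constructed to illustrate multiple hints for different authorization levels.

```python
import random

# Constructed authorization levels: "let_me_in" is the page's example token,
# "reviewer_token" is an assumed second level used to show multiple hints.
TOKENS = {"let_me_in": "user", "reviewer_token": "reviewer"}


def handle_request(msg: dict) -> str:
    """Stand-in for a service that rejects unauthenticated calls before doing any work."""
    role = TOKENS.get(msg.get("access_token", ""))
    if role is None:
        return "UNAUTHENTICATED"  # shallow path: nothing behind the auth gate is exercised
    if role == "reviewer" and msg.get("action") == "approve":
        return "APPROVED"  # deeper path, only reachable with the second hint value
    return "OK"


def mutate(rng: random.Random, hints: dict) -> dict:
    """Build one fuzz input; with hints, sometimes substitute a hinted value for the field."""
    msg = {
        "access_token": "".join(rng.choice("abcdefghijklmnopqrstuvwxyz_")
                                for _ in range(rng.randint(0, 12))),
        "action": rng.choice(["approve", "reject", "noop", ""]),
    }
    for field, values in hints.items():
        if rng.random() < 0.5:  # the field keeps being fuzzed too, as described above
            msg[field] = rng.choice(values)
    return msg


def run_campaign(iterations: int, hints: dict, seed: int = 1) -> dict:
    """Return how often each handler outcome was reached for a seeded campaign."""
    rng = random.Random(seed)
    counts = {"UNAUTHENTICATED": 0, "OK": 0, "APPROVED": 0}
    for _ in range(iterations):
        counts[handle_request(mutate(rng, hints))] += 1
    return counts


if __name__ == "__main__":
    print("no hints  :", run_campaign(10_000, {}))
    print("one hint  :", run_campaign(10_000, {"access_token": ["let_me_in"]}))
    print("two hints :", run_campaign(10_000, {"access_token": ["let_me_in", "reviewer_token"]}))
```

Without a hint, random mutation practically never produces a valid token, so every input stops at the authentication check; with two hint values the reviewer-only path is reached as well.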
Creating the project

First you have to start the CI-Daemon. Open a new terminal and start it with:

$ ci-daemon

To set up fuzzing for Java-gRPC Applications, open the project in VS Code.

If you have our extension installed, you can start it by clicking on our logo in the left sidebar. This switches from VS Code's file browser sidebar to our CI Fuzz sidebar.

From here you can create the Fuzzing Project with a click on "Create Fuzzing Project".

A quick setup is possible by selecting "Setup project for web application fuzzing". This creates a project without a Docker image and without a build script, neither of which is needed for out-of-process fuzzing.
Read next: Connecting Web Applications