| 1 | #!/bin/bash |
| 2 | # Cryptographic API fuzzing - malformed inputs, boundary conditions, type confusion |
| 3 | SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" |
| 4 | source "$SCRIPT_DIR/../config.sh" |
| 5 | OUT="$OUT/crypto_fuzz" |
| 6 | mkdir -p "$OUT" |
| 7 | |
| 8 | echo '=== CRYPTO API FUZZING ===' | tee "$OUT/summary.txt" |
| 9 | |
| 10 | ALGOS=('classical' 'hybrid' 'post-quantum' 'ml-kem-1024' 'hqc-256' 'quad-layer') |
| 11 | |
| 12 | # Malformed JSON |
| 13 | echo '--- Malformed JSON ---' | tee -a "$OUT/summary.txt" |
| 14 | MALFORMED=( |
| 15 | '{}' |
| 16 | '{"data":null}' |
| 17 | '{"data":[]}' |
| 18 | '{"data":{}}' |
| 19 | '{"data":true}' |
| 20 | '{"data":-1}' |
| 21 | '{"data":""}' |
| 22 | 'null' |
| 23 | '[]' |
| 24 | 'not-json' |
| 25 | '{"data":"' |
| 26 | ) |
| 27 | for body in "${MALFORMED[@]}"; do |
| 28 | resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 8 -X POST -H 'Content-Type: application/json' -d "$body" "$API_TARGET/encrypt") |
| 29 | echo "[$resp] body: $body" | tee -a "$OUT/summary.txt" |
| 30 | done |
| 31 | |
| 32 | # Algorithm confusion / injection |
| 33 | echo '' | tee -a "$OUT/summary.txt" |
| 34 | echo '--- Algorithm Injection ---' | tee -a "$OUT/summary.txt" |
| 35 | ALG_PAYLOADS=( |
| 36 | '../../../etc/passwd' |
| 37 | '; cat /etc/passwd' |
| 38 | '$(id)' |
| 39 | 'classical; DROP TABLE keys' |
| 40 | 'none' |
| 41 | 'null' |
| 42 | 'undefined' |
| 43 | '../../config' |
| 44 | "classical\\x00hybrid" |
| 45 | "A$(python3 -c 'print("A"*10000)')" |
| 46 | ) |
| 47 | for alg in "${ALG_PAYLOADS[@]}"; do |
| 48 | resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 8 -X POST -H 'Content-Type: application/json' -d "{\"data\":\"test\",\"algorithm\":\"$alg\"}" "$API_TARGET/encrypt") |
| 49 | echo "[$resp] algorithm: $alg" | tee -a "$OUT/summary.txt" |
| 50 | done |
| 51 | |
| 52 | # Oversized payloads |
| 53 | echo '' | tee -a "$OUT/summary.txt" |
| 54 | echo '--- Oversized Payloads ---' | tee -a "$OUT/summary.txt" |
| 55 | for size in 1000 10000 100000 1000000; do |
| 56 | data=$(python3 -c "print('A' * $size)") |
| 57 | resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 15 -X POST -H 'Content-Type: application/json' -d "{\"data\":\"$data\",\"algorithm\":\"classical\"}" "$API_TARGET/encrypt") |
| 58 | echo "[$resp] payload size: $size bytes" | tee -a "$OUT/summary.txt" |
| 59 | done |
| 60 | |
| 61 | # Prototype pollution in JSON |
| 62 | echo '' | tee -a "$OUT/summary.txt" |
| 63 | echo '--- Prototype Pollution ---' | tee -a "$OUT/summary.txt" |
| 64 | PROTO_PAYLOADS=( |
| 65 | '{"__proto__":{"admin":true},"data":"test","algorithm":"classical"}' |
| 66 | '{"constructor":{"prototype":{"admin":true}},"data":"test"}' |
| 67 | '{"__proto__.admin":true,"data":"test"}' |
| 68 | ) |
| 69 | for body in "${PROTO_PAYLOADS[@]}"; do |
| 70 | resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 8 -X POST -H 'Content-Type: application/json' -d "$body" "$API_TARGET/encrypt") |
| 71 | echo "[$resp] $body" | tee -a "$OUT/summary.txt" |
| 72 | done |
| 73 | |
| 74 | cat "$OUT/summary.txt" |
| 75 |
Script Viewer
Red Team Suite › 10_crypto_api_fuzz.sh