What about complex inputs and stateful protocols?

Hi again.

What about complex inputs and stateful protocols? Does Mayhem support these?


Mayhem has no problem with complex inputs or with stateful protocols. For complex inputs, a standard best practice is to provide a good seed corpus, or in other words, a set of known, good initial inputs. While not required to get started, providing an initial set of inputs allows Mayhem to penetrate deeper into your target early.

Stateful protocols are also supported in two different ways:

  1. For protocols that keep a connection open, Mayhem will feed payloads to the target until the end of the payload is reached. That means that a payload can have multiple logical packets. The coverage-guided nature of Mayhem will allow test cases to be generated that contain multiple packets.
  2. Some protocols change the socket that you’d want to deliver payloads to. For these cases, Mayhem can still analyze the target, but you’ll need to write a harness that either analyzes a single state in the protocol or delivers the payloads to the correct input.
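As an added example (not part of the reply above and not Mayhem's own code), the following harness shows how one fuzzer payload can carry several logical packets that are delivered in order to a stateful target. The toy three-state protocol, the one-byte length framing, and the names `proto_handle`, `deliver_payload` and `struct session` are assumptions made for illustration; the payload is read from stdin and no Mayhem-specific API is used.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical toy target: a 3-state protocol standing in for the real parser. */
enum state { ST_HELLO, ST_AUTH, ST_DATA, ST_CLOSED };
struct session { enum state st; size_t data_bytes; };

/* Handle one logical packet; the first byte is the message type. */
static void proto_handle(struct session *s, const uint8_t *pkt, size_t n) {
    if (n == 0) { s->st = ST_CLOSED; return; }
    switch (s->st) {
    case ST_HELLO: s->st = (pkt[0] == 'H') ? ST_AUTH : ST_CLOSED; break;
    case ST_AUTH:  s->st = (pkt[0] == 'A') ? ST_DATA : ST_CLOSED; break;
    case ST_DATA:
        if (pkt[0] == 'D') s->data_bytes += n - 1; else s->st = ST_CLOSED;
        break;
    default: break;
    }
}

/* Harness core: split one payload into frames (assumed framing: one length
 * byte, then that many bytes) and deliver them in order, so a single test
 * case can walk the state machine. Returns the number of frames delivered.
 * A constructed seed for this toy protocol: 01 'H' 01 'A' 04 'D' 'x' 'y' 'z'. */
size_t deliver_payload(struct session *s, const uint8_t *buf, size_t len) {
    size_t off = 0, frames = 0;
    s->st = ST_HELLO;
    s->data_bytes = 0;
    while (off < len && s->st != ST_CLOSED) {
        size_t n = buf[off++];
        if (n > len - off) n = len - off;   /* clamp a truncated final frame */
        proto_handle(s, buf + off, n);
        off += n;
        frames++;
    }
    return frames;
}

/* Entry point: the whole payload arrives on stdin and is consumed until EOF. */
int main(void) {
    static uint8_t buf[4096];
    size_t len = fread(buf, 1, sizeof buf, stdin);
    struct session s;
    size_t frames = deliver_payload(&s, buf, len);
    printf("frames=%zu state=%d data=%zu\n", frames, (int)s.st, s.data_bytes);
    return 0;
}
```

To analyze a single state instead, the same harness can send fixed known-good HELLO and AUTH frames itself and pass the entire fuzzer payload as DATA frames.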