Fuzzing the Android applications with HTTP/HTTPS network data

Xinyue Huang, Anmin Zhou, Peng Jia, Luping Liu, Liang Liu
2019 IEEE Access  
Nowadays, the number of mobile netizens continues to grow, mobile life continues to infiltrate people's lives. Mobile applications play an increasingly important role in major industries (financial consumption, travel, education, and entertainment). High dependence and complexity make network communication become an important attack surface of mobile applications. How to quickly and efficiently discover security threats in the process of network interaction has become an urgent problem. This
more » ... er proposed a test method based on network packets fuzzing for Android applications. The scheme uses middleman technology to obtain the interaction data sent by servers to applications, adopts different mutation strategies to mutate the original data of different types, returns the mutated response data to applications, uses log monitoring technology to monitor crash information, thereby discovers potential security threats. 10 popular applications were tested based on the proposed method, and four kinds of problems were discovered. The problems contain unresponsiveness, crashes caused by JSON data exception, HTML content replacement, and URL redirection. The results indicated that the proposed method was effective in exposing bugs of mobile applications in the process of network data interaction. INDEX TERMS Android applications, Fuzzing, HTTP/HTTPS, network data.
doi:10.1109/access.2019.2915339 fatcat:7p5yhxtqsrbcdehzd2dksyoolm