This is the source code for the MQTT fuzzer that we used in our paper Di Paolo, E., Bassetti, E., & Spognardi, A. (2021). Security assessment of common open source MQTT brokers and clients. @ ITASEC21: Italian Conference on Cybersecurity, April 07–09, 2021, Online
This code was tested with Python 3.7. Libraries needed are specified in the requirements.txt
file.
We suggest to setup a virtual environment to avoid conflicts and mismatched libraries:
python3 -m venv venv
. venv/bin/activate
pip install -r requirements
For more information about virtual envs please refer to the official documentation.
File | Description |
---|---|
mqttprotocol.py | This file contains the MQTT protocol implementation. Packets implemented: connect, connack, publish, puback, pubrec, pubrel,, pubcomp, subscribe, suback, unsubscribe, unsuback,, pingreq, pingresp, disconnect. |
client.py | MQTT Client implementation for testing purpose. |
publisher.py | MQTT Publisher implementation with Twisted and radamsa (payload fuzzing test). |
tester.py | With this script you can run the experiments. Example: ./tester.py --host %host --port %port --packets %packets_file . By default host is localhost, port is 1883, packets_file represents a path to a json file and it has not a default value. |
packets.json | Example of packets that can be passed to the tester. |
utils.py | This file contains some utils to encode/decode packets. |
packets_generated | This folder contains all the experiments, which are reported in the paper. |
This code is licensed under GPLv3. See LICENSE for more information.
If you use this code in your research please cite our paper: Di Paolo, E., Bassetti, E., & Spognardi, A. (2021). Security assessment of common open source MQTT brokers and clients. @ ITASEC21: Italian Conference on Cybersecurity, April 07–09, 2021, Online