MA: XML Signature Fuzzing

Abstract:

Signed XML documents provide a way to exchange authenticated data securely between applications. They form the foundation of protocols such as SOAP and SAML, both of which are widely used on today's internet. In recent years, attacks against signed XML documents have been uncovered that weaken the security of these protocols. Tools exist for testing applications against known attacks, but they are protocol specific and cover only known attacks: they cannot find new vulnerabilities, nor vulnerabilities that are independent of the protocol used.

In this paper, we implement and evaluate a new approach that uses fuzzing to address both problems. Our tool, XML Signature Mutator (XSM), is an extension for AFL++ that performs random mutations on the XML DOM instead of on the raw input bytes. This lets the fuzzer make meaningful modifications to highly structured inputs. Unlike existing tools that fuzz XML documents, XSM focuses on signed documents. The evaluation shows that XSM enables AFL++ to generate complex attacks on signed XML documents and improves overall performance when fuzzing high-level XML libraries.
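As an added illustration of the DOM-level mutation idea described above (example code written for this page, not XSM itself or any code from the thesis): a small structure-aware mutator in Python. It parses the input, applies random DOM operations that leave the ds:Signature element and every subtree a ds:Reference points to untouched, and serializes the result, so each test case stays well-formed and a verifier that resolves the reference to the original subtree still sees the signed bytes unchanged, while the surrounding structure (duplicated subtrees, relocated Signature, altered Id/URI attributes) differs. The seed document, the mutation set, the intactness check (serialization in place of canonicalization) and the `init`/`fuzz` entry points are assumptions; the entry-point names are the ones AFL++ documents for Python custom mutators, and whether XSM exposes that interface is not stated on the page.

```python
"""Structure-aware mutator for signed XML: a constructed example of the
DOM-level approach, not the thesis's XSM code. No mutation edits the
ds:Signature or the bytes it covers; init/fuzz use the names AFL++
documents for Python custom mutators (assumed, not stated for XSM)."""
import copy
import random
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SIG, REF = f"{{{DS}}}Signature", f"{{{DS}}}Reference"
ET.register_namespace("ds", DS)

# Constructed seed input. Body is covered by an Id reference; the
# SignatureValue is a placeholder, nothing here verifies signatures.
SAMPLE = b"""<Envelope version="1">
  <Header><To>https://example.invalid/</To></Header>
  <Body Id="body-1"><Order><Item>widget</Item><Qty>1</Qty></Order></Body>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo><ds:Reference URI="#body-1"/></ds:SignedInfo>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
  </ds:Signature>
</Envelope>"""

def signed_ids(doc):
    """Ids named by ds:Reference URI="#..."; doc is bytes or an Element."""
    root = ET.fromstring(doc) if isinstance(doc, (bytes, str)) else doc
    return {r.get("URI")[1:] for r in root.iter(REF) if r.get("URI", "")[:1] == "#"}

def protected(elem, pm, ids):
    """True if elem is, or lies inside, a Signature or a referenced subtree."""
    while elem is not None:
        if elem.tag == SIG or elem.get("Id") in ids:
            return True
        elem = pm.get(elem)
    return False

def free(root):
    """(editable elements, parent map, referenced Ids) for the current DOM."""
    pm, ids = {c: p for p in root.iter() for c in p}, signed_ids(root)
    return [e for e in root.iter() if not protected(e, pm, ids)], pm, ids

def dup_subtree(root, rng):
    """Deep-copy any subtree (signed ones included) into an unsigned spot."""
    dests, _, _ = free(root)
    srcs = [e for e in root.iter() if e is not root]
    if srcs and dests:
        dest = rng.choice(dests)
        dest.insert(rng.randint(0, len(dest)), copy.deepcopy(rng.choice(srcs)))

def move_signature(root, rng):
    """Re-parent a ds:Signature; its Id reference still resolves."""
    dests, pm, _ = free(root)
    sigs = [s for s in root.iter(SIG) if s in pm]       # a root Signature stays
    if sigs and dests:
        sig, dest = rng.choice(sigs), rng.choice(dests)
        pm[sig].remove(sig)
        dest.insert(rng.randint(0, len(dest)), sig)

def mutate_attr(root, rng):
    """Overwrite an unsigned attribute with a value seen elsewhere, or junk."""
    dests, _, _ = free(root)
    targets = [(e, k) for e in dests for k in e.attrib]
    if targets:
        e, k = rng.choice(targets)
        pool = [v for n in root.iter() for v in n.attrib.values()]
        e.set(k, rng.choice(pool + ["", "#", "A" * 64]))

MUTATIONS = [dup_subtree, move_signature, mutate_attr]

def mutate(data, seed=0, rounds=1):
    """Apply `rounds` random DOM mutations; non-XML input is returned as is."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return bytes(data)          # leave byte-level havoc to AFL++ itself
    rng = random.Random(seed)
    for _ in range(rounds):
        rng.choice(MUTATIONS)(root, rng)
    return ET.tostring(root, encoding="utf-8")

def signed_subtrees_intact(original, mutated):
    """Do all subtrees the original's References cover survive verbatim?
    (Serialization minus tail stands in for canonicalization here.)"""
    def body(e):
        e = copy.deepcopy(e)
        e.tail = None
        return ET.tostring(e)
    o_root, m_root = ET.fromstring(original), ET.fromstring(mutated)
    ids = signed_ids(o_root)
    wanted = {body(e) for e in o_root.iter() if e.get("Id") in ids}
    return wanted <= {body(e) for e in m_root.iter() if e.get("Id") in ids}

_rng = random.Random()            # AFL++ Python custom-mutator entry points

def init(seed):
    _rng.seed(seed)

def fuzz(buf, add_buf, max_size):
    out = mutate(bytes(buf), seed=_rng.getrandbits(32), rounds=_rng.randint(1, 4))
    return out if len(out) <= max_size else bytes(buf)
```

The mutations are deliberately blind to what the document means: duplicating the signed Body next to the original, or moving the Signature under Header, are exactly the kinds of structural changes a byte-level mutator almost never produces without breaking well-formedness, and `signed_subtrees_intact` is the property a harness around a signature-verifying target would check so that every surviving test case is one the target accepted as correctly signed.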