Skip to content

Release v0.1.5 - AuthNZ tool fuzzing Support + Two-Phase Fuzzing

Choose a tag to compare

View all tags
@Agent-Hellboy Agent-Hellboy released this 08 Aug 15:48
· 233 commits to main since this release
v0.1.5
e51b999
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Major Features

Authentication-Based Tool Fuzzing

  • NEW: Fuzz tools that require authentication! 🎯
  • API Key Authentication: Bearer token support for protected endpoints
  • Basic Authentication: Username/password authentication
  • OAuth Token Authentication: OAuth bearer token support
  • Custom Headers: Flexible custom authentication headers
  • Tool-Specific Auth: Different authentication per tool via configuration
  • Configuration Options: JSON config files + environment variables

Two-Phase Fuzzing Architecture

  • NEW: --phase CLI argument supporting realistic, aggressive, and both modes
  • Realistic Phase: Tests with valid, compliant data to verify correct functionality
  • Aggressive Phase: Tests with malicious, malformed data to find security vulnerabilities
  • Comprehensive Testing: Run both phases with single --phase both command

Technical Improvements

Modular Strategy Architecture

Complete reorganization for maintainability and extensibility:

strategy/
β”œβ”€β”€ strategy_manager.py          # Unified interface
β”œβ”€β”€ realistic/
β”‚   β”œβ”€β”€ tool_strategy.py         # Valid tool arguments (UUID, Base64, timestamps)
β”‚   └── protocol_type_strategy.py # Valid protocol messages
└── aggressive/
    β”œβ”€β”€ tool_strategy.py         # Malicious tool arguments (injections, overflows)  
    └── protocol_type_strategy.py # Malformed protocol messages

Enhanced Fuzzing Capabilities

  • Phase-Aware Fuzzing: Strategy selection based on testing goals
  • Realistic Strategies: Base64 strings, UUIDs, ISO-8601 timestamps, semantic versions
  • Aggressive Strategies: SQL injection, XSS, path traversal, buffer overflows, null bytes
  • Authentication Integration: All fuzzing modes work with authenticated tools

Usage Examples

Authentication-Based Fuzzing

# Fuzz authenticated tools with config file
mcp-fuzzer --mode tools --auth-config examples/auth_config.json --endpoint http://localhost:8000/

# Fuzz authenticated tools with environment variables
export MCP_API_KEY="sk-your-api-key"
mcp-fuzzer --mode tools --auth-env --endpoint http://localhost:8000/

# Two-phase fuzzing with authentication
mcp-fuzzer --mode both --phase both --auth-config auth_config.json --endpoint http://localhost:8000/

Two-Phase Fuzzing

# Realistic fuzzing - test with valid data
mcp-fuzzer --mode both --phase realistic --protocol http --endpoint http://localhost:8000/mcp/

# Aggressive fuzzing - test with attack data
mcp-fuzzer --mode both --phase aggressive --protocol http --endpoint http://localhost:8000/mcp/

# Comprehensive testing - both phases
mcp-fuzzer --mode both --phase both --protocol http --endpoint http://localhost:8000/mcp/

Authentication Configuration

{
  "providers": {
    "openai_api": {
      "type": "api_key",
      "api_key": "sk-your-openai-api-key",
      "header_name": "Authorization"
    },
    "github_api": {
      "type": "api_key", 
      "api_key": "ghp-your-github-token",
      "header_name": "Authorization"
    }
  },
  "tool_mappings": {
    "openai_chat": "openai_api",
    "github_search": "github_api"
  }
}

New CLI Arguments

  • --phase {realistic,aggressive,both}: Choose fuzzing strategy approach
  • --auth-config PATH: Authentication configuration file
  • --auth-env: Use environment variables for authentication

Bug Fixes

  • Fixed E501 line length linting errors across codebase
  • Resolved async test execution issues in unittest suite
  • Fixed transport mock configuration for proper async context management
  • Corrected import order and formatting consistency
  • Cleaned up redundant example files

Statistics

  • +2,024 lines added, -2,522 lines removed (net code reduction through modularization)
  • 27 files changed across authentication and fuzzing improvements
  • 171 unit tests added with 74% coverage
  • 6 new CLI features: auth-config, auth-env, phase selection, realistic/aggressive modes

This release makes MCP Fuzzer significantly more powerful by adding authentication support for protected tools and implementing a sophisticated two-phase fuzzing approach. You can now fuzz both public and private/authenticated MCP tools with comprehensive realistic and aggressive testing strategies.

What's Changed

Full Changelog: v0.1.4...v0.1.6

Contributors

Agent-Hellboy
Assets 2
Loading