Defensics is a model-based fuzzer. A basic Defensics test suite is written on the basis of protocol specifications. In the case of gRPC though, this does not work because each system has its own definition. We know the basic encoding for the various fields, but to create effective test cases, we need to know more about the system under test.
Another problem with gRPC fuzzing is that while we can learn the protocol model and service endpoints from a Protobuf definition, we don’t know how the system under test uses the RPCs and what data is sent over the messages. We could create a test sequence for each RPC separately, but most systems have an internal state in which RPC A needs to be sent before RPC B, so the server is in the correct state to receive RPC B.
The gRPC test suite offers customers a way to import Protobuf files into Defensics using a gRPC wizard. The gRPC wizard takes in Protobuf definitions, parses them, and shows the available remote procedure calls defined in the files. RPCs can then be used for building a test sequence, which is relevant for the tested system. In addition to building a relevant test sequence, the wizard also allows users to modify each send message to have relevant valid values in the message fields. This is done to ensure the gRPC test suite is interoperable with the test target.
The following image shows the gRPC wizard in action. The imported file is example.proto.