0x02- The Stock Exchange

0x02(2)- The Target

https://euronext.com/optiq

0x02(3)- The Target

• Multiparalelism,
• Highest Perfomance ever (roundtrip time in 100μs) - HFT
• Leveraging Open Source protocols (SBE, LZ4,...)
• Interfaces: FIX / SBE
• Ready to receive 3 Billions messages per day

0x02(4)- The Target

0x02(5)- The Target [INTERFACES] 

FIX

SBE

• Financial Information Exchange
• 1992

8=FIX.4.2|9=65|35=A|49=SERVER|56=CLIENT|34=177|52=20090107-18:15:16|98=0|108=30|10=062|
     0   + 0  + 5  +   10    +   10    +  7   +        21          + 5  +  7   +   0    = 65

• Simple Binary Encoding
• https://github.com/real-logic/simple-binary-encoding
• SBE is an OSI layer 6 presentation for encoding and decoding binary application messages for low-latency financial applications.

0x03- The issue

• How to do you test proprietary protocols?
  • ​With custom messages?
  • With weird and fucked'up flows?
  • With logic beyond our mortal comprehension?

0x04- The Mindset

• Results of the Risk Assessment:
  • (in)voluntary sent of mal formed messages that can lead to unexpected behaviour or crashes.

0x05- The Approach - Fuzzing!

0x05- The Approach - Fuzzing!

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks.

0x05- The Approach - Fuzzing! [WHY]

0x05- The Approach - Fuzzing! [WHY]

• Advantages:
  • ​No human interaction while testing,
  • If configured properly 99.99% Coverage,
  • Scalable!
• ​Disadvantage:
  • ​Configuration...
  • Shit ton of crashes to review...
  • It's a good approach but manual testing is always needed
  •  

0x05- The Approach - Fuzzing! [WHY]

0x06- The Solutions

AFL

Libfuzzer

Zulu

Peach

Scripting

0x06- The Solutions

• Whitebox Gramatical based Fuzzing - BooFuzz

aka "Euronext-fuzzer"

0x06- The Solutions - Boofuzz

• Why?
  • Network based Fuzzing
  • Customisable with Python
  • Easy to setup
  • Reporting (CSV, HTML)

0x06- The Solutions - Boofuzz

• Features:
  • ​Manual configuration of trading protocol messages,
  • And flows (Logon First, NewOrder, CancelOrder, Logout)
  • Pre-post send
  • REST API for Automation
  • ...

0x06- The Solutions - Boofuzz

• Limitations:​
  • ​RAM - 16Gb not enough
  • Initial learning curve,
  • Output... and
  • Reproducibility

0x06- The Solutions - Boofuzz

• Features - Daemon​

Fuzzer

Exchange

test case N-1

test case N

test case N-1

test case N-1

Crash Detected

0x06- The Solutions - Boofuzz

• Messages

0x06- The Solutions - Boofuzz

• Deamon results

0x06- The Solutions - Boofuzz

• Output