FuzzyDoo: A framework for finding flaws in the 5G landscape

The increasing complexity and criticality of 5G networks demand rigorous security testing methodologies, particularly in black-box environments where source code access is restricted. This paper introduces FuzzyDoo, an open-source, mutation-based structure-aware fuzzing framework designed to assess the robustness and security of 5G Core (5GC) network functions under black-box conditions. FuzzyDoo advances the state of the art by enabling dynamic test message generation for encrypted communications, supporting extensible protocol integration, and facilitating flexible deployment of monitoring components in multi-system environments. The paper details the framework modular architecture – to the best of our knowledge, the first of its kind in the open-source domain – and demonstrates its efficacy through experimental evaluations on three open-source 5GC frameworks. These experiments reveal implementation-specific vulnerabilities and underscore FuzzyDoo diagnostic capabilities for root cause analysis.