Received: February 21, 2023; Revised: March 22, 2023
Abstract: Java Web applications have complex business scenarios and place high demands on the structural validity of input data, so existing test methods and tools produce a low proportion of valid test cases when testing them. To address this, this study presents a gray-box fuzzing method for Java Web applications based on parse trees. First, the study models the syntax of the application's input packets to create a parse tree, distinguishes delimiters from data blocks, and attaches a seed pool to each leaf node of the parse tree. This isolates the individual data blocks of a test case, and inputs that conform to the application's business format are generated by packet splicing, which raises the proportion of valid test cases. To retain high-quality data blocks, each data block seed is assigned its own weight during testing according to execution feedback from the program under test. To break through deep paths, data block seed features are extracted in the corresponding seed pool based on conditional probability learning. The study implements PTreeFuzz, a gray-box fuzzing system for Java Web applications based on parse trees, and the test results show that the system achieves better test accuracy than existing tools.
Keywords: vulnerability mining; fuzzing; Java Web; parse tree
Funding: National Natural Science Foundation of China (61872430)
Citation:
WANG Juan, ZHANG Zhi-Jie, YANG Hong-Yuan. Gray-box Fuzzing for Java Web with Parse Tree. COMPUTER SYSTEMS APPLICATIONS, 2023, 32(9): 67-76