{"id":13515531,"url":"https://github.com/RootUp/BFuzz","last_synced_at":"2025-03-31T04:37:14.916Z","repository":{"id":61257786,"uuid":"132633491","full_name":"RootUp/BFuzz","owner":"RootUp","description":"Fuzzing Browsers","archived":false,"fork":false,"pushed_at":"2022-12-05T11:57:55.000Z","size":9174,"stargazers_count":310,"open_issues_count":0,"forks_count":56,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-02-28T21:08:06.359Z","etag":null,"topics":["browsers","domato","fuzzing","fuzzing-framework"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RootUp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-08T16:05:57.000Z","updated_at":"2025-01-09T00:36:57.000Z","dependencies_parsed_at":"2023-01-24T03:30:32.546Z","dependency_job_id":null,"html_url":"https://github.com/RootUp/BFuzz","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootUp%2FBFuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootUp%2FBFuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootUp%2FBFuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootUp%2FBFuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RootUp","download_url":"https://codeload.github.com/RootUp/BFuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246418675,"owners_count":20773935,"icon_url":"
https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browsers","domato","fuzzing","fuzzing-framework"],"created_at":"2024-08-01T05:01:12.562Z","updated_at":"2025-03-31T04:37:09.901Z","avatar_url":"https://github.com/RootUp.png","language":"HTML","readme":"# BFuzz\n[![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)\n```\nBFuzz is currently in beta. \n```\n\nBFuzz is an input-based fuzzer that takes `.html` files as input, opens your browser in a new instance, and passes it multiple testcases generated by domato, which is present in the `recurve` folder of BFuzz. Moreover, BFuzz is an automation tool that performs the same task repeatedly; it doesn't mangle any testcases.\n\n## Run BFuzz\n\n```\nwarmachine@ftw:~/BFuzz$ ./generate.sh\nwarmachine@ftw:~/BFuzz$ python BFuzz.py \nEnter the browser type:\n 1: Chrome \n 2: Firefox\n\u003e\u003e\n```\nRunning `python BFuzz.py` prompts you to choose whether to fuzz Chrome or Firefox. If you select `2`, it launches Firefox with `firefox --new-instance`, randomly opens one of the testcases from `recurve`, prints the logs to the terminal, and waits for `3 seconds`; it then opens Firefox again and the same process repeats.\n\nBFuzz is a small `.py` script that opens the browser, runs a testcase for `12 seconds`, closes the browser, waits for `3 seconds`, and then repeats the same process.\n\n## Domato 🍅\nThe testcases in `recurve` are generated by [domato](https://github.com/googleprojectzero/domato).\n\ngenerator.py contains the main script. 
It uses grammar.py as a library and contains additional helper code for DOM fuzzing.\n\ngrammar.py contains the generation engine that is mostly application-agnostic and can thus be used in other (i.e. non-DOM) generation-based fuzzers. As it can be used as a library, its usage is described in a separate section below.\n\n.txt files contain grammar definitions. There are 3 main files, html.txt, css.txt and js.txt which contain HTML, CSS and JavaScript grammars, respectively. These root grammar files may include content from other files.\n\n## Bug showcase\nEpiphany Web 3.28.1: [CVE-2018-11396](https://bugzilla.gnome.org/show_bug.cgi?id=795740), new [testcase](https://gist.github.com/RootUp/05b623a8169efef9909e764d63ec4408) identified for CVE-2018-11396\u003cbr\u003e\nMozilla Firefox: Stack-based buffer overflow, bug ID: 1456083 [Went DUPLICATE] \u003cbr\u003e\n\n## View in action\n[Browser Fuzzing via BFuzz](https://youtu.be/I59SkL0ReUM)\n\n## Contribution\n\nPlease feel free to PR.\n\n## ToDo\n\nHandle Exceptions, Add banner, Optimize Code, Mangle testcases.\n\n","funding_links":[],"categories":["Fuzzing","Tools","HTML","Secure Programming"],"sub_categories":["Browser Fuzzing","Fuzzing"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRootUp%2FBFuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FRootUp%2FBFuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRootUp%2FBFuzz/lists"}