Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ChijinZ/Minerva
A browser fuzzer augmented by API mod-ref relations
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/ChijinZ/Minerva
- Owner: ChijinZ
- License: apache-2.0
- Created: 2022-06-25T03:52:26.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2024-03-08T09:10:54.000Z (4 months ago)
- Last Synced: 2024-03-08T10:29:34.095Z (4 months ago)
- Language: Python
- Homepage:
- Size: 14.1 MB
- Stars: 27
- Watchers: 6
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-fuzzing - Minerva - Minerva is a browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test case. (Tools / API)
README
# Minerva
## Overview
Minerva is a browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test case.
Basic idea: it extracts memory-level mod-ref relations between APIs via dynamic mod-ref analysis and leverages the relations to apply weighted API selection during test case generation.
**NOTE**: This is just a prototype to reproduce experiments in our research paper. Some features are built as dynamic shared objects and their source code is not published.
**NOTE 2**: According to our experiments, SaGe (https://github.com/ChijinZ/SaGe-Browser-Fuzzer), another browser fuzzer, has better performance than Minerva. In addition, SaGe is easier to use IMO. Please try it.
## Environment
We tested Minerva on Ubuntu 20.04 and Ubuntu 22.04.
## Usage
First, tell the fuzzer where the mod-ref relations are located:
```
export MEM_DEP_JSON_PATH=$MINERVA_PATH/mod_ref_helper/mem_dep.json
```
Then, you can generate HTML files using Minerva. Minerva is implemented on top of [Domato](https://github.com/googleprojectzero/domato). Therefore, you can use Minerva in a way similar to Domato.
To see usage information:
```
python3 generator.py
```
To generate a single .html sample, run:
```
python generator.py <output file>
```
To generate multiple samples with a single call, run:
```
python generator.py --output_dir <output directory> --no_of_files <number of output files>
```
## Publication
The related paper was accepted at ESEC/FSE'22 ([preprint](http://wingtecher.com/themes/WingTecherResearch/assets/papers/FSE22_Minerva.pdf), [slides](https://github.com/ChijinZ/chijinz.github.io/blob/main/archive/minerva_fse22_pre.pdf)).
``.bib`` info:
```
@inproceedings{Chijin2022Minerva,
author={Chijin Zhou and Quan Zhang and Mingzhe Wang and Lihua Guo and Jie Liang and Zhe Liu and Mathias Payer and Yu Jiang},
title={Minerva: Browser API Fuzzing with Dynamic Mod-Ref Analysis},
booktitle = {Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
series={ESEC/FSE 2022},
location={Singapore},
year={2022},
}
```
## Acknowledgement
We reuse code from [Domato](https://github.com/googleprojectzero/domato) for input generation.