Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/RootUp/BFuzz

Fuzzing Browsers
https://github.com/RootUp/BFuzz

browsers domato fuzzing fuzzing-framework

Last synced: about 1 month ago
JSON representation

Fuzzing Browsers

Host: GitHub
URL: https://github.com/RootUp/BFuzz
Owner: RootUp
Created: 2018-05-08T16:05:57.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2022-12-05T11:57:55.000Z (about 2 years ago)
Last Synced: 2024-08-02T05:13:40.109Z (4 months ago)
Topics: browsers, domato, fuzzing, fuzzing-framework
Language: HTML
Homepage:
Size: 8.75 MB
Stars: 306
Watchers: 13
Forks: 56
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

security-study-tutorial - Fuzzing Browsers
awesome-rainmana - RootUp/BFuzz - Fuzzing Browsers (HTML)

README

# BFuzz
[![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html)
```
BFuzz is currently in beta.
```

BFuzz is an input based fuzzer tool which take `.html` as an input, open's up your browser with a new instance and pass multiple testcases generated by domato which is present in `recurve` folder of BFuzz, more over BFuzz is an automation which performs same task repeatedly it doesn't mangle any testcases.

## Run BFuzz

```
warmachine@ftw:~/BFuzz$ ./generate.sh
warmachine@ftw:~/BFuzz$ python BFuzz.py
Enter the browser type:
1: Chrome
2: Firefox
>>
```
Running `python BFuzz.py` will ask for option weather to fuzz Chrome or Firefox, however if selected `2` this will open firefox `firefox --new-instance` and randomly open any of the testcase from `recurve` create the logs on the terminal wait for `3 seconds` again it will open firefox and the same process continue so on.

BFuzz is a small `.py` script which enable's to open browser run testcase for `12 seconds` then close wait for `3 seconds` and again follow the same process.

## Domato 🍅
The testcase's in `recurve` are generated by [domato](https://github.com/googleprojectzero/domato)
generator.py contains the main script. It uses grammar.py as a library and contains additional helper code for DOM fuzzing.

grammar.py contains the generation engine that is mostly application-agnostic and can thus be used in other (i.e. non-DOM) generation-based fuzzers. As it can be used as a library, its usage is described in a separate section below.

.txt files contain grammar definitions. There are 3 main files, html.txt, css.txt and js.txt which contain HTML, CSS and JavaScript grammars, respectively. These root grammar files may include content from other files.

## Bug showcase
Epiphany Web 3.28.1: [CVE-2018-11396](https://bugzilla.gnome.org/show_bug.cgi?id=795740), new [testcase](https://gist.github.com/RootUp/05b623a8169efef9909e764d63ec4408) identified for CVE-2018-11396

Mozilla Firefox: Stack based buffer overflow bug ID: 1456083 [Went DUPLICATE]

## View in action
[Browser Fuzzing via BFuzz](https://youtu.be/I59SkL0ReUM)

## Contribution

Please feel free to PR.

## ToDo

Handle Exeception, Add banner, Optimize Code, Mangle testcases.