Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sslab-gatech/freedom
A DOM fuzzer
https://github.com/sslab-gatech/freedom
Last synced: 30 days ago
JSON representation
A DOM fuzzer
- Host: GitHub
- URL: https://github.com/sslab-gatech/freedom
- Owner: sslab-gatech
- License: mit
- Created: 2020-09-11T21:46:43.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2022-08-18T04:00:09.000Z (over 2 years ago)
- Last Synced: 2024-11-05T19:32:45.374Z (about 1 month ago)
- Language: Python
- Homepage:
- Size: 168 KB
- Stars: 143
- Watchers: 41
- Forks: 26
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - sslab-gatech/freedom - A DOM fuzzer (Python)
README
# FreeDom
## Paper
[FREEDOM: Engineering a State-of-the-Art DOM Fuzzer (ACM CSS 2020)](https://gts3.org/assets/papers/2020/xu:freedom.pdf)
## Prerequisites
- Python 3.x
## Usage
```
python3 main.py
```
### Fuzzer configuration
Check `config.py` that manages testcase complexity and fuzzing process.
### Mode 0. Testcase generation only
This mode simply generates a number of random HTML documents and save them to a given directory.
Example:
```
python main.py -i 1 -m generate -n 10 -o output
```
## Security bugs
* WebKit (Safari): CVE-2019-6212, CVE-2019-8596, CVE-2019-8609, CVE-2019-8720, CVE-2020-9803, CVE-2020-9806, CVE-2020-9807, CVE-2020-9895
* Chrome: CVE-2019-5806, CVE-2019-5817, Issue 943424, Issue 943538
* Firefox: Issue 1626152
## Citation
```
@inproceedings{xu:freedom,
title = {{FREEDOM: Engineering a State-of-the-Art DOM Fuzzer (to appear)}},
author = {Wen Xu and Soyeon Park and Taesoo Kim},
booktitle = {Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS)},
month = nov,
year = 2020,
address = {Orlando, FL},
}
```
## Contacts
* Wen Xu
* Soyeon Park
* Taesoo Kim