https://github.com/sslab-gatech/freedom
A DOM fuzzer
https://github.com/sslab-gatech/freedom
Last synced: 6 months ago
JSON representation
A DOM fuzzer
- Host: GitHub
- URL: https://github.com/sslab-gatech/freedom
- Owner: sslab-gatech
- License: mit
- Created: 2020-09-11T21:46:43.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2022-08-18T04:00:09.000Z (about 3 years ago)
- Last Synced: 2025-04-07T07:43:04.904Z (7 months ago)
- Language: Python
- Homepage:
- Size: 168 KB
- Stars: 145
- Watchers: 41
- Forks: 26
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - sslab-gatech/freedom - A DOM fuzzer (Python)
README
# FreeDom
## Paper
[FREEDOM: Engineering a State-of-the-Art DOM Fuzzer (ACM CSS 2020)](https://gts3.org/assets/papers/2020/xu:freedom.pdf)
## Prerequisites
- Python 3.x
## Usage
```
python3 main.py
```
### Fuzzer configuration
Check `config.py` that manages testcase complexity and fuzzing process.
### Mode 0. Testcase generation only
This mode simply generates a number of random HTML documents and save them to a given directory.
Example:
```
python main.py -i 1 -m generate -n 10 -o output
```
## Security bugs
* WebKit (Safari): CVE-2019-6212, CVE-2019-8596, CVE-2019-8609, CVE-2019-8720, CVE-2020-9803, CVE-2020-9806, CVE-2020-9807, CVE-2020-9895
* Chrome: CVE-2019-5806, CVE-2019-5817, Issue 943424, Issue 943538
* Firefox: Issue 1626152
## Citation
```
@inproceedings{xu:freedom,
title = {{FREEDOM: Engineering a State-of-the-Art DOM Fuzzer (to appear)}},
author = {Wen Xu and Soyeon Park and Taesoo Kim},
booktitle = {Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS)},
month = nov,
year = 2020,
address = {Orlando, FL},
}
```
## Contacts
* Wen Xu
* Soyeon Park
* Taesoo Kim