
leonwxqian/lucky-js-fuzz


lucky-js-fuzz

An HTML page that generates random JS statements and then fuzzes them in the web browser.

Usage:

a) put all of these files under a web server

b) visit lucky-jsfuzz-chrome.html

Please note the last line of lucky-jsfuzz-chrome.html: outputAllThingsHTMLFormat(false);
If you want the generated script to run immediately in the web browser, change the argument 'false' to 'true'.

Sample output:

Please check sample_out.html

This HTML file was generated with every output type limited to 3; the recommended value is 12.

Contact me:

Wenxiang Qian (Twitter: @leonwxqian / Weibo: @leonwxqian) of Tencent Blade Team, leonwxqian#gmail.com or #qq.com.

Blog: http://nul.pw

Hacks to make this run more smoothly

When you use this, you will obviously run into some problems, such as:

  • When rendering hangs, the page won't redirect to a new seed. => You may need to write an extension or something similar to force a reload.
  • When an out-of-memory occurs, the page dies, which causes false alarms if you are monitoring the status of the page. => A simple hack: modify Chromium so that when an OOM happens, it reloads the current page. The same applies to page hangs.
  • Many OOMs are caused by RegEx operations, and hangs are caused by DOM insertion; you can comment out these two fuzzers to increase fuzzing speed if you don't want to fuzz them.

Of course you can use this as a standalone fuzzer; however, it is designed to be just one part of a fuzzing system, so it lacks functions that can't be done in JavaScript alone, for example crash monitoring, binary-level error handling and crash reporting. You should add these yourself; FF/Chromium/V8 are open source, so I think you can do it easily. :)

Happy hacking & fuzzing!

PS

I am not a pro at writing JavaScript, and this fuzzer was written in a hurry, so the project is written in a very old and ugly style.

It was originally going to be used for fuzzing NScript, a script evaluation engine used in Windows Defender, so only basic data types are supported here. I will update it often, as I am preparing to use this for more fuzzing work in the future.
