BFuzz is currently in beta.
BFuzz is an input based fuzzer tool which take
.html as an input, open's up your browser with a new instance and pass multiple testcases generated by domato which is present in
recurve folder of BFuzz, more over BFuzz is an automation which performs same task repeatedly it doesn't mangle any testcases.
warmachine@ftw:~/BFuzz$ ./generate.sh warmachine@ftw:~/BFuzz$ python BFuzz.py Enter the browser type: 1: Chrome 2: Firefox >>
python BFuzz.py will ask for option weather to fuzz Chrome or Firefox, however if selected
2 this will open firefox
firefox --new-instance and randomly open any of the testcase from
recurve create the logs on the terminal wait for
3 seconds again it will open firefox and the same process continue so on.
BFuzz is a small
.py script which enable's to open browser run testcase for
12 seconds then close wait for
3 seconds and again follow the same process.
The testcase's in
recurve are generated by domato
generator.py contains the main script. It uses grammar.py as a library and contains additional helper code for DOM fuzzing.
grammar.py contains the generation engine that is mostly application-agnostic and can thus be used in other (i.e. non-DOM) generation-based fuzzers. As it can be used as a library, its usage is described in a separate section below.
Epiphany Web 3.28.1: CVE-2018-11396, new testcase identified for CVE-2018-11396
Mozilla Firefox: Stack based buffer overflow bug ID: 1456083 [Went DUPLICATE]
View in action
Please feel free to PR.
Handle Exeception, Add banner, Optimize Code, Mangle testcases.