X-Fuzzer: A Dynamic browser fuzzer

Posted on July 19, 2012 by Prashant

Usually fuzzers are used to test the parameters of an application. It compromises of various techniques like providing invalid, unexpected, or random data to the inputs of an application. Generally fuzzing is used for security assessments. In short, its like automation of searching exploits and security flaws in software. Previously, we have seen how fuzzers were being used for quick hunting of bugs. So today we unveil a small and dynamic browser fuzzer X-Fuzzer. X-Fuzzer has been designed by our Vulnerability Research Specialist Mr. Vinay Katoch. 

The fuzzer has two files, an HTML file and the fuzzing code that has been coded in JavaScript


The fuzzer is still in beta state. Currently it doesn’t go for infinite iterations and has many other limits. Though its code can be altered and the changes can be made for desired results. We tested this fuzzer on Unix platform and obtained success on some browser!

 

X-Fuzzer in action on Epiphany browser!

This was a small yet useful effort. The fuzzer has been hosted on Google code and can be downloaded from here. Stay tuned to check more things as we move on. :)

Related posts:

This entry was posted in Uncategorized and tagged , , , , . Bookmark the permalink.
  • http://www.facebook.com/people/Andrei-Petre/100001461477479 Andrei Petre

    hello, checked out your code but finding it difficult to read in detail, you can at most get the whole idea, but that’s about it. Adding LOTS of comments and proper indenting the code is a start.

    I’d go for:
    * explaining what it does in a bit of detail, what’s the purpose of generating random tags
    * how do you check if the browser properly rendered the code as expected, do you intend to crash it, or how do you know if it was a success?