BFuzz is an input-based fuzzer tool that takes .html as input, opens your browser in a new instance, and passes it multiple testcases generated by domato, which is present in the recurve folder of BFuzz. Moreover, BFuzz is an automation that performs the same task repeatedly.
[email protected]:~/BFuzz$ ./generate.sh
Running
[email protected]:~/BFuzz$ python BFuzz.py
Enter the browser type:
python BFuzz.py will ask whether to fuzz Chrome or Firefox. If 2 is selected, it opens Firefox with firefox --new-instance, randomly opens one of the testcases from recurve, creates the logs on the terminal, and waits for 3 seconds. It then opens Firefox again, and the same process continues.
BFuzz is a small .py script that opens the browser, runs a testcase for 12 seconds, closes the browser, waits for 3 seconds, and then follows the same process again.
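The open / run / close / wait cycle described above, as an added Python 3 example that is not BFuzz's own code. The function names are hypothetical, and it assumes a POSIX system and that watching only the launched process is an acceptable simplification.

```python
import random
import signal
import subprocess
import time
from pathlib import Path

RUN_SECONDS = 12  # from the page: each testcase gets 12 seconds
WAIT_SECONDS = 3  # from the page: pause before the next launch

def run_testcase(browser_argv, testcase, run_seconds=RUN_SECONDS):
    """Launch the browser on one testcase and classify how the process ended."""
    proc = subprocess.Popen([*browser_argv, str(testcase)],
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    try:
        rc = proc.wait(timeout=run_seconds)
    except subprocess.TimeoutExpired:
        proc.kill()          # window elapsed without the process dying
        proc.wait()
        return ("timeout", None)
    if rc < 0:               # POSIX: negative return code = killed by a signal
        return ("crash", signal.Signals(-rc).name)
    return ("exit", rc)

def fuzz_loop(browser_argv, corpus_dir, iterations, run_seconds=RUN_SECONDS,
              wait_seconds=WAIT_SECONDS, rng=random):
    """Repeat the open / run / close / wait cycle; return the crashing runs."""
    testcases = sorted(Path(corpus_dir).glob("*.html"))
    if not testcases:
        raise FileNotFoundError(f"no .html testcases in {corpus_dir}")
    crashes = []
    for _ in range(iterations):
        testcase = rng.choice(testcases)
        status, detail = run_testcase(browser_argv, testcase, run_seconds)
        print(f"{testcase.name}: {status} {detail if detail is not None else ''}")
        if status == "crash":
            crashes.append((testcase.name, detail))  # keep for reproduction
        time.sleep(wait_seconds)
    return crashes

if __name__ == "__main__":
    # Command and folder as named on the page; only the launched process is
    # watched, so a crash confined to a child content process is not seen here.
    print(fuzz_loop(["firefox", "--new-instance"], "recurve", iterations=5))
```

Recording the testcase name next to the terminating signal is what makes a crash reproducible afterwards, which a terminal-only log of random picks does not guarantee.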
The testcases in recurve are generated by domato. generator.py contains the main script. It uses grammar.py as a library and contains additional helper code for DOM fuzzing.
grammar.py contains the generation engine that is mostly application-agnostic and can thus be used in other (i.e. non-DOM) generation-based fuzzers. As it can be used as a library, its usage is described in a separate section below.
Epiphany Web 3.28.1: CVE-2018-11396
Mozilla Firefox: Stack based buffer overflow bug ID: 1456083 [Went DUPLICATE]