Collaborate Disseminate
Fuzzilii is a JavaScript engine fuzzing library, it’s a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language (“FuzzIL”) which can be mutated and translated to JavaScript.
When fuzzing for core interpreter bu… Continue reading Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it’s a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language (“FuzzIL”) which can be mutated and translated to JavaScript.
When fuzzing for core interpreter bu… Continue reading Fuzzilli – JavaScript Engine Fuzzing Library
Google has announced two new security initiatives: one is aimed at helping bug hunters improve the security of various browsers’ JavaScript engines, the other at helping Android OEMs improve the security of the mobile devices they ship. Fuzzing J… Continue reading Google aims to improve security of browser engines, third-party Android devices and apps on Google Play
Microsoft has open-sourced OneFuzz, its own internal continuous developer-driven fuzzing platform, allowing developers around the world to receive fuzz testing results directly from their build system. Fuzzing is an automated software testing technique… Continue reading Microsoft open-sources tool that enables continuous developer-driven fuzzing
I was researching fuzzing using AFL and hongofuzz and they mainly support applications that run in the terminal. After that I came across a list of resources for network fuzzers, and found afl-net which was well maintained. I tried using a… Continue reading How can I fuzz a http server?
I want to fuzz the restricted shell which is customized linux shell. I can only run certain commands which are specific to application. OS commands are not allowed to run. The shell looks as below after doing ssh to it,
My goal is to fuzz… Continue reading How to fuzz restricted shell?
In this post, we’ll show you how to test your smart contracts with the Echidna fuzzer. In particular, you’ll see how to: Find a bug we discovered during the Set Protocol audit using a variation of differential fuzzing, and Specify and check useful prop… Continue reading Using Echidna to test a smart contract library
I am having a hard time coming up with a short list of open source tools that I can use to automate the fuzz testing of our rest API
The application accepts a access token, which is short lived ~40 seconds. The problem is the fuzzer script starts getting invalid responses because the access token expires. The way to get new access token is using a script with the refres… Continue reading Fuzzer with ability to run a script for each request
As the title says how do one find vulnerabilities on closed source applications on windows by fuzzing approach. Let’s say there is a bug bounty program running, which has its own closed source windows binary and one has to find vulnerabili… Continue reading How do you find vulnerabilities on closed source applications on windows by fuzzing?