lucky-js-fuzz

An HTML page that generates random JavaScript statements and then fuzzes them in the web browser.

Usage:

a) Put all of the files under a web server.

b) Visit lucky-jsfuzz-chrome.html.

Please notice the last line of lucky-jsfuzz-chrome.html: outputAllThingsHTMLFormat(false);
If you want the generated script to run immediately in the web browser, change the argument 'false' to 'true'.

Sample output:

Please check sample_out.html.

This HTML file was generated with every output type limited to 3 items; the recommended value is 12.

Contact me:

Wenxiang Qian (Twitter: @leonwxqian / Weibo: @leonwxqian) of Tencent Blade Team, leonwxqian#gmail.com or #qq.com.

Blog: http://nul.pw

Hacks to use this more smoothly

When you use this on its own, you will obviously run into some limitations:

You can use this as a standalone functional fuzzer, but it is designed to be one part of a fuzzing system, which means it lacks the functions that cannot be done from JavaScript alone: crash monitoring, binary-level error handling, crash reporting, and so on. You should add those yourself; Firefox, Chromium and V8 are open source, so I think you can do it easily. :)
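As an added illustration (not lucky-js-fuzz's own code), the following self-contained JavaScript sketches the shape described in the usage notes above and in this section: a seeded generator that emits random statements over basic data types, a harness that runs each statement and records whether it returned or threw, and an HTML emitter with a run-immediately flag analogous to the 'false'/'true' argument mentioned in the usage notes. All function names here (`makeRng`, `generateCases`, `runStatement`, `runCases`, `renderHtml`) are this example's own, not the project's. It also makes the point of this section concrete: an in-page harness can catch and count JavaScript exceptions, but an engine crash kills the renderer before any `catch` runs, so crash monitoring has to live outside the browser.

```javascript
// Added example, not lucky-js-fuzz's code: a minimal seeded statement
// generator plus an in-page harness. All names are this example's own.

// Small deterministic PRNG (mulberry32) so an interesting case can be
// regenerated from its seed instead of being saved by hand.
function makeRng(seed) {
  let s = seed >>> 0;
  return function next() {
    s = (s + 0x6D2B79F5) >>> 0;
    let t = s;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

function pick(rng, arr) { return arr[Math.floor(rng() * arr.length)]; }

// Only basic data types, mirroring what the README says is supported.
// Values are boundary-ish literals chosen to poke at type coercion.
function randomValue(rng, depth) {
  const kinds = ['number', 'string', 'boolean', 'null', 'undefined'];
  if (depth > 0) kinds.push('array');
  switch (pick(rng, kinds)) {
    case 'number': return pick(rng, ['0', '-1', '1e308', 'NaN', '0xffffffff', '2**53', '-0']);
    case 'string': return pick(rng, ['""', '"a"', '"\\u0000"', '"%s"', '"x".repeat(1<<16)']);
    case 'boolean': return pick(rng, ['true', 'false']);
    case 'null': return 'null';
    case 'undefined': return 'undefined';
    default: { // array
      const n = Math.floor(rng() * 3);
      const items = [];
      for (let i = 0; i < n; i++) items.push(randomValue(rng, depth - 1));
      return '[' + items.join(', ') + ']';
    }
  }
}

// One random statement: a binary operation, a method call or an index.
function randomStatement(rng) {
  const a = randomValue(rng, 2), b = randomValue(rng, 2);
  const forms = [
    () => `var r = (${a}) ${pick(rng, ['+', '-', '*', '/', '%', '<<', '>>>', '==', '==='])} (${b});`,
    () => `var r = (${a}).${pick(rng, ['toString', 'valueOf', 'toFixed', 'concat', 'slice'])}(${b});`,
    () => `var r = (${a})[${b}];`,
    () => `var r = String(${a}).${pick(rng, ['indexOf', 'padStart', 'repeat', 'split'])}(${b});`,
  ];
  return pick(rng, forms)();
}

function generateCases(seed, count) {
  const rng = makeRng(seed);
  const out = [];
  for (let i = 0; i < count; i++) out.push(randomStatement(rng));
  return out;
}

// Run one statement in a fresh function scope. A JS harness can only see
// two outcomes: normal completion or a thrown JS exception. An engine
// crash kills the renderer before this catch runs, which is the crash
// monitoring the README says you must add outside the browser.
function runStatement(src) {
  try {
    new Function(src)();
    return { src, outcome: 'ok' };
  } catch (e) {
    return { src, outcome: 'exception', error: e && e.name ? e.name : String(e) };
  }
}

function runCases(cases) {
  const summary = { ok: 0, exception: 0, results: [] };
  for (const src of cases) {
    const r = runStatement(src);
    summary[r.outcome]++;
    summary.results.push(r);
  }
  return summary;
}

// Emit the cases as an HTML page. With runNow=false each case is only
// displayed; with runNow=true each case gets its own <script> so the
// browser executes it on load and one exception does not stop the rest.
function renderHtml(cases, runNow) {
  const esc = s => s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
  const body = cases.map((c, i) =>
    runNow ? `<script>/* case ${i} */ try { ${c} } catch (e) { document.title = 'exception at case ${i}'; }</script>`
           : `<pre>/* case ${i} */ ${esc(c)}</pre>`).join('\n');
  return `<!DOCTYPE html><html><head><meta charset="utf-8"><title>fuzz</title></head><body>\n${body}\n</body></html>`;
}
```

Serve the string returned by `renderHtml(generateCases(seed, n), true)` from a web server and open it, or call `runCases(generateCases(seed, n))` in the browser console; record the seed alongside any interesting case so it can be regenerated. Anything that closes the tab or the renderer is invisible to this code by construction and needs a monitor on the process, as the section above says.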

Happy hacking & fuzzing!

PS

I am not a pro at writing JavaScript, and this fuzzer was written in a hurry, so the project is written in a very old and ugly style.

It was originally going to be used for fuzzing NScript, a script evaluation engine used in Windows Defender, so only basic data types are supported here. I will update it often, as I am preparing to use it for more fuzzing work in the future.