BFuzz – Fuzzing Chrome & Firefox Browsers

BFuzz is an input based fuzzer tool which take .html as an input, open’s up your browser with a new instance and pass multiple testcases generated by domato which is present in recurve folder of BFuzz, more over BFuzz is an automation which performs same task repeatedly.

Also ReadPython-Nubia : A Command-Line & Interactive Shell Framework

Run BFuzz

warmachine@ftw:~/BFuzz$ ./generate.sh
warmachine@ftw:~/BFuzz$ python BFuzz.py 
Enter the browser type:
 1: Chrome 
 2: Firefox
>>

Running python BFuzz.py will ask for option weather to fuzz Chrome or Firefox, however if selected 2 this will open Firefox firefox --new-instance and randomly open any of the testcase from recurve create the logs on the terminal wait for 3 seconds again it will open Firefox and the same process continue so on.

BFuzz is a small .py script which enables to open browser run testcase for 12 seconds then close wait for 3 seconds and again follow the same process.

Domato

The testcase’s in recurve are generated by domato generator.py contains the main script. It uses grammar.py as a library and contains additional helper code for DOM fuzzing.

grammar.py contains the generation engine that is mostly application-agnostic and can thus be used in other (i.e. non-DOM) generation-based fuzzers. As it can be used as a library, its usage is described in a separate section below.

.txt files contain grammar definitions. There are 3 main files, html.txt, css.txt and js.txt which contain HTML, CSS and JavaScript grammars, respectively. These root grammar files may include content from other files.

Video Tutorial

R K

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

5 days ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

5 days ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

6 days ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

7 days ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

1 week ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

1 week ago