Fuzzing

Testing with Random Input

Lukas Gamper, lukas.gamper@usystems.ch

www.webling.ch

What is Fuzzing

Automated software testing technique
Provides invalid, unexpected or random input
Tries to crash the program

History

Applications

Shellshock found by fuzzing
Heartbleed reproduced by fuzzing
Google and Microsoft provide cloud fuzzers for programs like Chrome or FreeType

Advantages

Fast
"Thinks" out of the box
Doesn't require knowledge of the code

Singlepagefuzzer

Fuzzer for web apps
No product found
On GitHub github.com/usystems/singlepagefuzzer
No code changes necessary
Supported browsers:

How does it Work

(function(el){
    el.src='https://cdn.rawgit.com/usystems/singlepagefuzzer/' +
        'master/src/singlepagefuzzer.js';
    el.onload=function(){
        SinglePageFuzzer.start({});
    };
    document.head.appendChild(el);
})(document.createElement('script'));

Paste Config into Console

(function(el){
    el.src='https://cdn.rawgit.com/usystems/singlepagefuzzer/' +
        'master/src/singlepagefuzzer.js';
    el.onload=function(){
        var SPF = SinglePageFuzzer;
        SPF.start({

Just Important Elements

selectFilter: function(x, y, el) {
    while (el !== null) {
        if (el.nodeName == 'SECTION') return true;
        else el = el.parentElement;
    }
    return false;
}

        });
    };
    document.head.appendChild(el);
})(document.createElement('script'));

(function(el){
    el.src='https://cdn.rawgit.com/usystems/singlepagefuzzer/' +
        'master/src/singlepagefuzzer.js';
    el.onload=function(){
        var SPF = SinglePageFuzzer;
        SPF.start({

Drop some Requests

request: {
    lag: 1000, // ms
    dropRequest: 0.1, // probability
    dropResponse: 0.1, // probability
    offline: 10000, // ms
    online: 5000 // ms
}

        });
    };
    document.head.appendChild(el);
})(document.createElement('script'));

(function(el){
    el.src='https://cdn.rawgit.com/usystems/singlepagefuzzer/' +
        'master/src/singlepagefuzzer.js';
    el.onload=function(){
        var SPF = SinglePageFuzzer;
        SPF.start({

Control Events

eventDistribution: [
    SPF.createEventProbability(0.8, [
        SPF.createClick()
    ]),
    SPF.createEventProbability(0.2, [
        SPF.createDblclick()
    ])
]

        });
    };
    document.head.appendChild(el);
})(document.createElement('script'));

Live Demo

https://github.com/usystems/singlepagefuzzer

http://todomvc.com/examples/serenadejs/

Singlepagefuzzer

github.com/usystems/singlepagefuzzer

Lukas Gamper, lukas.gamper@usystems.ch

Fuzzing

What is Fuzzing

History

Applications

Advantages

Singlepagefuzzer

How does it Work

How does it Work

How does it Work

How does it Work

How does it Work

How does it Work

How does it Work

Paste Config into Console

Just Important Elements

Drop some Requests

Control Events

Live Demo

Singlepagefuzzer

Fuzzing Frontend Conf 17

Fuzzing Frontend Conf 17

gamperl

Fuzzing

What is Fuzzing

History

Applications

Advantages

Singlepagefuzzer

How does it Work

How does it Work

How does it Work

How does it Work

How does it Work

How does it Work

How does it Work

Paste Config into Console

Just Important Elements

Drop some Requests

Control Events

Live Demo

Singlepagefuzzer

Fuzzing Frontend Conf 17

More from gamperl