GramFuzz: Fuzzing testing of web browsers based on grammar analysis and structural mutation

Guo, Tong; Zhang, Puhan; Wang, Xin; Wei, Qiang

doi:10.1109/icoia.2013.6650258

Cited by 21 publications

(12 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It then mutates the seeds by replacing AST subtrees with the generated fragments. GramFuzz [13] and BlendFuzz [37] use the same intuition as LangFuzz, but they focus on other languages such as HTML, CSS, as well as JS. IFuzzer [33] improves upon LangFuzz by employing genetic programming to generate unseen JS test cases.…”

Section: A Fuzzingmentioning

confidence: 99%

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

Han¹,

Oh²,

Kil³

2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

JavaScript engines are an attractive target for attackers due to their popularity and flexibility in building exploits. Current state-of-the-art fuzzers for finding JavaScript engine vulnerabilities focus mainly on generating syntactically correct test cases based on either a predefined context-free grammar or a trained probabilistic language model. Unfortunately, syntactically correct JavaScript sentences are often semantically invalid at runtime. Furthermore, statically analyzing the semantics of JavaScript code is challenging due to its dynamic nature: JavaScript code is generated at runtime, and JavaScript expressions are dynamically-typed. To address this challenge, we propose a novel test case generation algorithm that we call semantics-aware assembly, and implement it in a fuzz testing tool termed CodeAlchemist. Our tool can generate arbitrary JavaScript code snippets that are both semantically and syntactically correct, and it effectively yields test cases that can crash JavaScript engines. We found numerous vulnerabilities of the latest JavaScript engines with CodeAlchemist and reported them to the vendors.

show abstract

Section: A Fuzzingmentioning

confidence: 99%

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

Han¹,

Oh²,

Kil³

2019

Proceedings 2019 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…However, some fuzzers incorporate specific structure information into their heuristic. This approach has led to grammar-based fuzzers [21], [22] and dictionary-based strategies [17]. Improving the diversity of grammar-based fuzzers would be more complex than our approach as the diversity needs to be generated at the grammar level.…”

Section: Mutational Fuzzersmentioning

confidence: 99%

Hashing Fuzzing: Introducing Input Diversity to Improve Crash Detection

Menéndez

Clark

2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…One of the first to recognize their use in fuzzing was Godefroid [17] who augmented whitebox fuzzing with grammars. Other noteworthy grammar fuzzers include Gramfuzz [20], Grammarinator [23], Dharma [27], Domato [16], and CSS Fuzz [33], as well as PolyGlot [6], which augments context-free grammars with semantic annotations. LangFuzz [24] uses a language specification to collect code fragments which can be applied as smart mutations.…”

Section: Context-free Grammarsmentioning

confidence: 99%

FormatFuzzer: Effective Fuzzing of Binary File Formats

Dutra¹,

Gopinath²,

Zeller³

2021

Preprint

View full text Add to dashboard Cite

Effective fuzzing of programs that process structured binary inputs, such as multimedia files, is a challenging task, since those programs expect a very specific input format. Existing fuzzers, however, are mostly formatagnostic, which makes them versatile, but also ineffective when a specific format is required.We present FormatFuzzer, a generator for format-specific fuzzers. FormatFuzzer takes as input a binary template (a format specification used by the 010 Editor) and compiles it into C++ code that acts as parser, mutator, and highly efficient generator of inputs conforming to the rules of the language.The resulting format-specific fuzzer can be used as a standalone producer or mutator in black-box settings, where no guidance from the program is available. In addition, by providing mutable decision seeds, it can be easily integrated with arbitrary format-agnostic fuzzers such as AFL to make them format-aware. In our evaluation on complex formats such as MP4 or ZIP, FormatFuzzer showed to be a highly effective producer of valid inputs that also detected previously unknown memory errors in ffmpeg and timidity.CCS Concepts: • Software and its engineering → Software testing and debugging; Translator writing systems and compiler generators; Parsers; Syntax.

show abstract

GramFuzz: Fuzzing testing of web browsers based on grammar analysis and structural mutation

Cited by 21 publications

References 8 publications

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines

Hashing Fuzzing: Introducing Input Diversity to Improve Crash Detection

FormatFuzzer: Effective Fuzzing of Binary File Formats

Contact Info

Product

Resources

About