Skip to content
/ fuzzdiff Public

fuzzer to detect side effects of third party script

License

Apache-2.0 license
5 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

canalun/fuzzdiff

BranchesTags

Repository files navigation

This project is WIP.

If you have any idea to improve this fuzzer, would be glad if you let me know via issues :)

fuzzdiff

fuzzer for third party script developers :)

Screen Recording 2024-10-01 at 13 59 09

idea

'fuzzdiff' checks if your script has side effect on the page it's embedded on. It works as follows:

  1. generates random page(=DOM+JS).
  2. runs the generated script on that page and records which API was called with what args and return values.
  3. again, runs the generated script on that page, but this time, with your script embedded. And records the same as step 2.
  4. compares the two records. If found some diff, it means your script has some side effects on web page.

This is the basic idea.

usage

import { fuzzBehavior } from '@canalun/fuzzdiff'

const options = {
  dataNum: 10,
  scriptFilePath: path.resolve(__dirname, 'path/to/your/script'),
  outputPath: path.resolve(__dirname, 'path/to/output/dir'),
};

// check behavioral side-effects
fuzzBehavior(options)

Please try samples.

$ node ./sample/behavior.js

requirements

You need python3! Sorry for inconvenience...!

About

fuzzer to detect side effects of third party script

Resources

Readme

License

Apache-2.0 license
Activity

Stars

5 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages