More Javascript fuzzing

I’ve rewrote my Javascript fuzzer to include more options, this one allows you to choose events, html attributes and various quote options. If you have any suggestions or attributes/events you would like me to include then please leave a comment. The fuzzer also now has the branding of my site that I recently redesigned.


I’ve updated my fuzzer again, it now includes a load of new options including javascript execution from within style tags and randomisation of the javascript: call.

Check it out here:-
JS Fuzzer version 2

8 Responses to “More Javascript fuzzing”

  1. .mario writes:

    Hi Gareth,

    nice tool! But why not displaying more than one result – it’s pretty annoying that one has to click over and over again. I think displaying 20 – 50 results would be cool.

    Also it would be great not to work with alert() but with row coloring. Just overwrite alert to color the table row green where it’s originating or sth similar.

    BTW: Have you tried the mozilla fuzzer? It’s pretty cool and it would enrich you fuzzer if you’d add maybe another tab with the fuzzer output from Rhino – also limited to 20-50 statements.

    What do you think?


  2. Gareth Heyes writes:

    Thanks Mario

    Yeah I’ll change the way it outputs and allow 50 results. Good suggestions thanks 🙂

    I’ve not looked at the Mozilla one yet, I’ll check it out though.

    Expect an update soon

  3. .mario writes:

    cool – looking forward for that!

  4. Gareth Heyes writes:

    I’ve uploaded a new version now. There’s no logging on the system because I haven’t had time to sort it out but if anyone gets javascript execution please let me know.

    It’s worked 3 times for me using the following:
    <body ‘onload=”alert(1);” class=”javascript:alert(2);”>test</body>
    <body “onload=”alert(1);” class=”javascript:alert(2);”>test</body>
    3. Character number : 13 before the handler

  5. .mario writes:

    damn cool – thanks!

    But – some more suggestions:
    – src and rel attributes are missing
    – object, embed and style tags are missing
    – all-option for tags and quotes would be cool
    – quotes are missing backticks
    – if ‘show code’ could probe for firebug and show the code in the console it would be awesome for copy&paste issues

    Great work – it’s becoming really useable!


  6. .mario writes:

    sorry – I meant ‘all’-option for tags and attributes…

  7. Gareth Heyes writes:

    Thanks for the suggestions Mario 🙂

    I shall sort them out tonight, I’m going to store the results of any javascript execution as well. Then I can provide a table for everyone to see.

  8. Gareth Heyes writes:

    I’ve updated the fuzzer, it now includes:

    1. All html tags and attributes.
    2. Send code to Firebug.
    3. Lowercase, Uppercase, Random case for tags, events and attributes.
    4. You can now specify the character range.
    5. Fuzzing of HTML tags.
    6. Backticks in the quote style.