The Spanner logo
    • Home
    • Blog
      • Blog home
      • RSS
    • Login
    • Home
    • Blog
      • Blog home
      • RSS
    • Login
    The Spanner logo

    The Spanner
    Web security blog

    Made by Gareth Heyes
    Follow me on Twitter: @garethheyes

    Javascript for hackers!

    Hackvertor logo
    Shazzer logo
    My Github account
    Recent posts
    Introducing Feedworm: A Privacy-First RSS Reader That Lives in DevToolsSpeedy RSVP extensionAutoVaderHackvertor history and tag finderShadow Repeater v1.2.3 releaseBurp Hackvertor v2.1.24 releaseHacking roomsXSSing TypeErrors in SafarivalueOf: Another way to get thisMaking the Unexploitable Exploitable with X-Mixed-Replace on FirefoxThe curious case of the evt parameterCSS-Only Tic Tac Toe ChallengeRewriting relative urls with the base tag in SafariBypassing DOMPurify with mXSSNew IE mutation vectorHow I smashed MentalJSMentalJS DOM bypassAnother XSS auditor bypassXSS Auditor bypassBypassing the IE XSS filterUnbreakable filterMentalJS bypassesmXSSJava SerializationBypassing the XSS filter using function reassignmentRPOSandboxed jQueryX-Domain scroll detection on IE using focusEpic fail IEnew operatorDecoding complex non-alphanumeric JavaScriptHacking FirefoxDOM ClobberingBypassing XSS AuditorThe evolution of codeNon-Alpha PHP in 6-7 charsetTweetable PHP-Non AlphaMentalJS for PHPOpera x domain with video tutorialSandboxing and parsing jQuery in 100ms

    Open source as a reward for the JS Fuzzer

    By Gareth Heyes (@hackvertor)

    Published 18 years 10 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read

    ← Back to articles

    Did you like my JS Fuzzer? If you did, then leave a comment here and when the site reaches 30 unique comments for this post I shall release the source code. You can then run it for as long as you want on your own server.

    Once the source code is released I shall be creating a Google group to continue development work on the fuzzer. So if you're interested in joining the team let me know in a comment.

    So if you want the code, tell your friends to visit the site and try out the fuzzer :)

    JS Fuzzer

    Update...

    Half way there everyone :) Thanks for all the contributions so far. I've updated the fuzzer as well to include randomisation and run until javascript execution.

    Further update

    1. Run until javascript execution, you have to hit ok for now but I plan to remove the need for reposting as well.
    2. All execution is logged into a database that I shall release for everyone once I've cleaned out all the invalid ones.
    3. The script also now allows you to randomise all options and characters for every row.

    ← Back to articles