timobrembeck / jit-fuzzer Goto Github PK

View Code? Open in Web Editor NEW

A fuzzing setup for JS JIT compilers, implemented for the JavaScriptCore (webkit) engine.

License: GNU General Public License v3.0

Makefile 15.10% Shell 22.53% Python 46.15% Dockerfile 16.22%

jit-fuzzer's Introduction

⚠️ This project is no longer maintained

For current research on this topic, see for example:

Bernhard, L., Scharnowski, T., Schloegel, M., Blazytko, T., & Holz, T. (2022). JIT-Picking: Differential Fuzzing of JavaScript Engines. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. https://doi.org/10.1145/3548606.3560624
Groß, S., Koch, S., Bernhard, L., Holz, T., & Johns, M. (2023). Fuzzilli: Fuzzing for JavaScript Jit Compiler vulnerabilities. Proceedings 2023 Network and Distributed System Security Symposium. https://doi.org/10.14722/ndss.2023.24290

jit-fuzzer

A fuzzing setup for JS JIT compilers using a combination of Fuzzilli and AFLplusplus, implemented for the JavaScriptCore (WebKit) engine.

Quickstart

You can use the pre-built docker image hosted on Docker Hub:

docker pull timoludwig/jit-fuzzer
docker run --name jit-fuzzer timoludwig/jit-fuzzer

Detailed instructions

Clone the repository including its submodules:

Protocol	Command
HTTPS	`git clone --recurse-submodules --jobs 3 https://github.com/timoludwig/jit-fuzzer.git`
SSH	`git clone --recurse-submodules --jobs 3 [email protected]:timoludwig/jit-fuzzer.git`

Pull new commits including submodules:

git pull
git submodule update --jobs 3

If you want to modify and/or build the project yourself, you have the choice between Docker and a native Linux installation:

	Docker	Native Linux
Compile patched versions of Fuzzilli, AFLplusplus and WebKit (this may take a while, even on modern hardware):	docker build -t jit-fuzzer .	make
Generate interesting js samples with Fuzzilli and fuzz their JIT-compiled code in AFL:	First run (create container from image): docker run --name jit-fuzzer jit-fuzzer Subsequent runs (start of existing container): docker start jit-fuzzer docker logs -f jit-fuzzer	./fuzz.sh

Docker

Native Linux

Compile patched versions of Fuzzilli, AFLplusplus and WebKit (this may take a while, even on modern hardware):

docker build -t jit-fuzzer .

make

Generate interesting js samples with Fuzzilli and fuzz their JIT-compiled code in AFL:

First run (create container from image):

docker run --name jit-fuzzer jit-fuzzer

Subsequent runs (start of existing container):

docker start jit-fuzzer
docker logs -f jit-fuzzer

./fuzz.sh

How does it work?

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.

Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

TensorFlow

An Open Source Machine Learning Framework for Everyone

Django

The Web framework for perfectionists with deadlines.

Laravel

A PHP framework for web artisans

D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

web

Some thing interesting about web. New door for the world.

server

A server is a program made to process requests and deliver data to clients.

Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

Visualization

Some thing interesting about visualization, use data art

Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.

Microsoft

Open source projects and samples from Microsoft.

Google

Google ❤️ Open Source for everyone.

Alibaba

Alibaba Open Source for everyone

D3

Data-Driven Documents codes.

Tencent

China tencent open source team.