FuzzOrigin

Paper

FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing

Server Setting

$ sudo apt-get install docker-compose
$ cd servers
$ sudo docker-compose up -d
$ sudo chown -R $(id -nu):$(id -ng) .

Download chrome

$ python3 chrome_downloader.py [version]

Visit OmahaProxy to check chrome version.

Run fuzzer

python3 -m src.fuzzer.fuzzer [browser type] [browser binary] [idx]

browser type: chrome, firefox, edge
browser binary: browser binary path
idx: test idx

$ python3 -m src.fuzzer.fuzzer chrome chrome/103.0.5042.0_999146/chrome 0

Result

tests/output_[idx]

$ ls tests/output_0

Citation

@inproceedings {281314,
    author = {Sunwoo Kim and Young Min Kim and Jaewon Hur and Suhwan Song and Gwangmu Lee and Byoungyoung Lee},
    title = {{FuzzOrigin}: Detecting {UXSS} vulnerabilities in Browsers through Origin Fuzzing},
    booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
    year = {2022},
    isbn = {978-1-939133-31-1},
    address = {Boston, MA},
    pages = {1008--1023},
    url = {https://www.usenix.org/conference/usenixsecurity22/presentation/kim},
    publisher = {USENIX Association},
    month = aug,
}

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
servers		servers
src		src
tools/domato		tools/domato
.gitignore		.gitignore
README.md		README.md
chrome_downloader.py		chrome_downloader.py
kill.sh		kill.sh
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

FuzzOrigin

Paper

Server Setting

Download chrome

Run fuzzer

Result

Citation

About

Releases

Packages

Languages

compsec-snu/fuzzorigin

Folders and files

Latest commit

History

Repository files navigation

FuzzOrigin

Paper

Server Setting

Download chrome

Run fuzzer

Result

Citation

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages