Introduction to JavaScript Fuzzing

Free

Introduction to JavaScript Fuzzing

Learn how to fuzz JavaScript code using jsfuzz.
📦 Source code, 📝 Cheatsheet, 🎞️ Video

Fuzzing JavaScript npm/nodejs/code (omggif) using jsfuzz

In this course, I will fuzz a JavaScript npm/ nodejs library (omggif) in order to find uncaught JavaScript exceptions. I will explain how to create a fuzzing harness for this target, run the fuzzer (jsfuzz), handle expected exceptions, analyze a crash and create a minimal crashing reproducer.

Finding bugs in TypeScript code (chrono-node) using jsfuzz

Today, I will use jsfuzz to find unhandled exceptions inside a famous TypeScript library (chrono-node). This library is a perfect kind of target for fuzzing since it's parsing data and the APIs are simple. I will first explain which API we will fuzz, then how to create a fuzzing harness, trigger some bugs and finally show you how to easily debug the crashes.

What's included?

Fuzzing JavaScript npm/nodejs/code (omggif) using jsfuzz

Video: Complete step-by-step tutorial

fuzzing_javascript_jsfuzz.zip

16.6 KB

Cheatsheet : All the commands for the tutorial

4.46 KB

Finding bugs in TypeScript code (chrono-node) using jsfuzz

Video: Complete step-by-step tutorial

fuzzing_typescript_jsfuzz.zip

917 KB

Cheatsheet_fuzzing_typescript_npm_nodejs_code_jsfuzz.md

5.32 KB

Meet Your Instructor

Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.

You can read more about me by clicking here.

X Linked_in Youtube Website Mail

FREE Resources & Trainings

Enter your email to receive special deals and a bundle of awesome resources. 100% free - 100% awesome. 👇