Thursday, December 24, 2015

IEFuzz - A Static Internet Explorer Fuzzer

Today I'm sharing an IE Fuzzer, which was developed almost from scratch. Like many other softwares, browsers can also be fuzzed in two ways, a) Static and b) Dynamic.

Dynamic browser fuzzers are very popular, due to its speed, since they are purely written in JavaScript. However one common problem software security auditors face, while fuzzing browser dynamically, is 'Crash Reproduction'. You have to very careful while crafting your JS browser fuzzer (by placing logging code in right place), otherwise crash will not be reproducible.

Another option is, Static fuzzer. If you are fuzzing browsers using Static Test Cases, in 99% cases 'A crash' == 'A reproducible crash'.

How does 'IEFuzz' work?

  1. Launch IE
  2. Attach 'iexplore.exe' to debugger(pydbg) - To monitor any type of crash(Both in parent and child process).
  3. Generate a test case (html + javascript).
  4. Load the test case locally as file (file://c:/fuzzer/testcases/temp.html)in IE using win32COM.
  5. If no crash, re-generate a html test case and reload the test case using win32COM.(Note, we are not closing, re-opening IE here, We are just refreshing the same page but code/content of the page is different in every time. Which saves time significantly )
  6. In case of any kind of access violation, copy/save the test case to separate folder,  and kill IE completely.
  7. Go to step 1

This Static IE fuzzer is written in python. And following modules were used.

  1. pywin32com - Load / Reload *.html Test Cases
  2. pydbg - Monitor IE for Access Violation / Guard Page Violation.
  3. paimei - For crash dump generation.

Required Configuration Changes in IE

To run this Fuzzer you have to make following changes in IE: 

1. Since this fuzzer loads the test cases locally (eg. file://c:/fuzzer/testcases/temp.html) as .html file.
You must turn off IE's ActiveX warning prompt by following below instructions.

Tools (menu) -> Internet Options -> Security (tab) -> Custom Level (button) -> Disable Automatic prompting for ActiveX controls.

2. You also need to disable IE protected mode to be able to control Internet Explorer using Python 'win32com'. Please be aware of the risks.

 -> Internet Options -> Security -> Trusted Sites    : Low
 -> Internet Options -> Security -> Internet         : Medium + unchecked Enable Protected Mode
 -> Internet Options -> Security -> Restricted Sites : unchecked Enable Protected Mode

Writing Test Cases:

You can write you own static test case generator for this fuzzer in python. You have to place it inside /TestCases folder. For your reference one sample is given here 'TestCases/'. While writing test cases do remember, it should have a 'TestCase' class and 'getFinalTestCase()' method in it. This getFinalTestCase() method should return the entire html page. 

In case of dynamic fuzzer, attributes of different html elements extracted from object and fuzzed on the fly at runtime , since its a static fuzzer we can pre define html elements and their attributes our test case as python dict.

attr = {'CANVAS':['height','width','getContext', ... , ... , ... ]}

For this attribute list generation, one JavaScript application is provided here : MiscTools/Generate_Elements_Dict.html

Source Code:

Source code of IEFuzz is available for download @ my github page.


This software is licenced under BEER WARE licence although the following libraries are included with 'IEFuzz' and are licensed separately.

Running This Fuzzer:

One video demo is available here, on how to run this fuzzer and reproduce crashes.

Happy Fuzzing :) :)


  1. definately enjoy every little bit of it and I have you bookmarked to check out new stuff of your blog a must read blog! Speed Test Etisalat

  2. Thank you for excellent article.Great information for new guy like antimalware service executable

  3. Utilizing any of the above strategies won't just get your site punished in search rankings, it will more than likely get your site restricted from web indexes through and through. small business website seo services

  4. Google figures that if many individuals are visiting your site and investing energy in it then your site must have significant or intriguing data on it and they will rank your site in like manner.
    We are very happy with backlinks from marketing1on1

  5. Satellite broadband access makes use of two way communications between a subscriber and the satellite itself to deliver the Internet at broadband speeds. Unlimited wireless internet provider

  6. seaport hack Excellent trick this great friend, this was what I was looking for a long time and finally something that works. I recommend them all if it is real is not a lie. Thanks friend. Keep it up

  7. Glad to chat your blog, I seem to be forward to more reliable articles and I think we all wish to thank so many good articles, blog to share with us. power lead system

  8. We are the famous company of Movers and packers Dubai and packers and movers Dubai because we always take care of customer satisfaction and needs. We are the licensed and accredited moving company that provides all kinds of relocation services with grab discounts. We have well and educated teams who can work with honest and safely and securely. They don’t any hidden charges or bad behavior to their customers. Customer satisfaction and happiness are very important things.
    Packers and movers Dubai
    Movers and packers Dubai
    Packers movers Dubai
    Dubai movers packers

  9. RC MOVERS PACKERS is famous for Home movers Dubai and Office movers Dubai that can provide comprehensive solutions for residential and commercial relocation services in your areas. We have top-level staff who are very talented and very honest in house movers Dubai and office movers Dubai fields. They provide a complete solution for all kinds of relocation services in your locality. So if you need a house, office, and villa movers service.

  10. SAVE YOUR HOME is the well-trained company of Ac repair service in Dubai that can give you stressed out service in your locality. We have educated teams who can repair all types of Air conditioning repair unit like Central air conditioning, Window air conditioning, Portable air conditioning, geothermal air conditioning, Split air conditioning and chiller plants. We have many over 10 years of experience in air conditioning repair and installation and maintenance. Call us.
    Ac repair and service
    Air conditioning service and maintenance Dubai
    Ac repair service Dubai

  11. The procedure is automated so you don't have to actively seek contact information ongoing to create a gigantic database. best internet provider toronto

  12. Google offers advertisements which appear in search results on with the use of Google AdWords or advertisements that
    appear on other websites through the Display Network and Google’s AdSense program.
    With google ads you can appear in the top for searched keywords.Thus you will receive more relevant customers for your business.
    Google Ads Services
    You can get Apple-certified repairs and service at the Apple Store or with one of our Apple Authorized Service Providers.
    mobile phone repair in North Olmsted

  13. Eagle Technical services is a highly professional company all over Dubai. we can provide you the best service at a lower cost for a House wall painting service, Wall painting service, Interior wall painter, and Wall painting Dubai service. Do you want good service? call me today and get great services.

  14. This comment has been removed by the author.

  15. Do you need Samsung LED TV repair Dubai service? We have the best teams for Samsung LED TV repair service who can offer you quality service. Just contact us.

  16. 다음에 블로그를 읽을 때 이것만큼 실망하지 않았 으면 좋겠다. 제 말은 제가 읽기로 선택한 것이지만 사실 당신이 할 말이있는 것 같았어요. 내가 듣는 모든 것은 당신이 관심을 얻기 위해 너무 바쁘지 않았다면 고칠 수있는 것에 대해 징징 거리는 것입니다. 먹튀검증사이트

  17. They can be tips related to numerous composition categories, including college applications and complex assignments like Kaplan assignment help 먹튀검증

  18. You have done a amazing job with you website braces in tijuana

  19. Thanks for your marvelous posting! I actually enjoyed reading it, you could be
    a great author.I will remember to bookmark your blog and will
    eventually come back from now on. I want to encourage you to토토

    continue your great
    writing, have a nice weekend!

  20. 와우, 내가 찾은 훌륭한 게시물 먹튀검증

  21. Thanks for valuable posts that encourage us to come on your site. I know it takes huge patience and dedication to craft such informative articles. Anyway, I have written a informative post to someone who is interested in knowing about Bihar Sharif Pin Code