"; } } else { $html .= ">"; } } $html .= "test"; for($i=0;$i<$tagDepth;$i++) { if($incompleteTags) { $rand = rand(0,3); if($rand == 0) { $html .= "/$tag>"; } else if($rand == 1) { $html .= ""; } } return $html; } $fuzzTag = $_POST['fuzzTag']; $fuzzEvent = $_POST['fuzzEvent']; $fuzzAttribute = $_POST['fuzzAttribute']; $fuzzQuoteStyle = $_POST['fuzzQuoteStyle']; $fuzzTagDepth = (int) $_POST['fuzzTagDepth']; $fuzzIncompleteTags = (int) $_POST['fuzzIncompleteTags']; $fuzzHTMLTags = (int) $_POST['fuzzHTMLTags']; $fuzzRangeFrom = (int) $_POST['fuzzRangeFrom']; $fuzzRangeTo = (int) $_POST['fuzzRangeTo']; $fuzzJavascript = (int) $_POST['fuzzJavascript']; $fuzzTagCase = $_POST['fuzzTagCase']; $fuzzEventCase = $_POST['fuzzEventCase']; $fuzzAttributeCase = $_POST['fuzzAttributeCase']; $fuzzStyleCase = $_POST['fuzzStyleCase']; $fuzzStylePropertyCase = $_POST['fuzzStylePropertyCase']; $fuzzStyle = $_POST['fuzzStyle']; $fuzzStyleProperty = $_POST['fuzzStyleProperty']; $fuzzStyleOptions = $_POST['fuzzStyleOptions']; $randomiseAll = (int) $_POST['randomiseAll']; $runUntilExecute = (int) $_POST['runUntilExecute']; $fuzzSpacing = (int) $_POST['fuzzSpacing']; $enableEvents = (int) $_POST['enableEvents']; $enableAttributes = (int) $_POST['enableAttributes']; $enableStyles = (int) $_POST['enableStyles']; $fuzzTag = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzTag); $fuzzEvent = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzEvent); $fuzzAttribute = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzAttribute); $fuzzQuoteStyle = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzQuoteStyle); $fuzzHTMLTags = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzHTMLTags); $fuzzRangeFrom = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzRangeFrom); $fuzzRangeTo = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzRangeTo); $fuzzTagCase = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzTagCase); $fuzzEventCase = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzEventCase); $fuzzAttributeCase = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzAttributeCase); $fuzzStyle = ereg_replace("[^[:alnum:][:space:]]-", "", $fuzzStyle); $fuzzStyleProperty = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzStyleProperty); $fuzzStyleCase = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzStyleCase); $fuzzStylePropertyCase = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzStylePropertyCase); $fuzzStyleOptions = ereg_replace("[^[:alnum:][:space:]]", "", $fuzzStyleOptions); $run = 1; if(!in_array($fuzzTag, $tags, true)) { echo '

Invalid tag selected.

'; $run = 0; } if(!in_array($fuzzEvent, $events, true)) { echo '

Invalid event selected.

'; $run = 0; } if(!in_array($fuzzAttribute, $attributes, true)) { echo '

Invalid attribute selected.

'; $run = 0; } if(!in_array($fuzzStyle, $styles, true)) { echo '

Invalid style selected.

'; $run = 0; } if(!in_array($fuzzStyleProperty, $styleProperties, true)) { echo '

Invalid style property selected.

'; $run = 0; } if(!($fuzzRangeFrom <= 127 && $fuzzRangeFrom >= 1 && $fuzzRangeTo <= 127 && $fuzzRangeTo >= 1 && $fuzzRangeFrom <= $fuzzRangeTo)) { echo '

Invalid range selected.

'; $run = 0; } if(!in_array($fuzzTagCase, $cases, true)) { echo '

Invalid case selected for the tag.

'; $run = 0; } if(!in_array($fuzzEventCase, $cases, true)) { echo '

Invalid case selected for the event.

'; $run = 0; } if(!in_array($fuzzAttributeCase, $cases, true)) { echo '

Invalid case selected for the attribute.

'; $run = 0; } if(!in_array($fuzzStyleCase, $cases, true)) { echo '

Invalid case selected for style.

'; $run = 0; } if(!in_array($fuzzStylePropertyCase, $cases, true)) { echo '

Invalid case selected for style property.

'; $run = 0; } switch($fuzzQuoteStyle) { case "No quotes": case "Single quotes": case "Double quotes": case "Random character quotes": case "Backticks": break; default: $run = 0; echo '

Invalid quote style selected.

'; break; } switch($fuzzStyleOptions) { case "Brackets": case "None": case "Single Quotes": case "Double Quotes": case "Random": break; default: $run = 0; echo '

Invalid style options selected.

'; break; } switch($fuzzTagDepth) { case 1: case 2: case 3: break; default: $run = 0; echo '

Invalid tag depth selected.

'; break; } if($run) { IF($runUntilExecute): ?>

Execution notices will appear here.

'; echo '

'; echo '

'; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; $codeBlocks = array(); for($i=0;$i<50;$i++) { if($randomiseAll) { $fuzzTag = $tags[rand(0, count($tags)-1)]; $fuzzEvent = $events[rand(0, count($events)-1)]; $fuzzAttribute = $attributes[rand(0, count($attributes)-1)]; $quoteList = array('No quotes','Single quotes','Double quotes','Backticks','Random character quotes'); $fuzzQuoteStyle = $quoteList[rand(0, count($quoteList)-1)]; $fuzzTagDepth = rand(1,3); $fuzzIncompleteTags = rand(0,1); $fuzzHTMLTags = rand(0,1); $fuzzRangeFrom = rand(1,127); $fuzzRangeTo = rand($fuzzRangeFrom,127); $fuzzJavascript = rand(0,1); $fuzzTagCase = $cases[rand(0, count($cases)-1)]; $fuzzEventCase = $cases[rand(0, count($cases)-1)]; $fuzzAttributeCase = $cases[rand(0, count($cases)-1)]; $fuzzStyleCase = $cases[rand(0, count($cases)-1)]; $fuzzStylePropertyCase = $cases[rand(0, count($cases)-1)]; $fuzzStyle = $styles[rand(0, count($styles)-1)]; $fuzzStyleProperty = $styleProperties[rand(0, count($styleProperties)-1)]; $styleOptionsList = array('Brackets','None','Single Quotes','Double Quotes','Random'); $fuzzStyleOptions = $styleOptionsList[rand(0, count($styleOptionsList)-1)]; } $charNum = rand($fuzzRangeFrom,$fuzzRangeTo); if($i % 2 == 0) { $class= "bgcolour1"; } else { $class= "bgcolour2"; } echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; if($fuzzIncompleteTags) { echo ''; } else { echo ''; } $code = generateCodeBlock($fuzzTag,$fuzzEvent,$fuzzAttribute,$fuzzQuoteStyle,$fuzzTagDepth,$fuzzIncompleteTags,$charNum, $row, $fuzzHTMLTags, $fuzzTagCase, $fuzzEventCase, $fuzzAttributeCase,$fuzzStyle, $fuzzStyleProperty,$fuzzStyleCase,$fuzzStylePropertyCase, $fuzzStyleOptions, $fuzzJavascript, $fuzzSpacing, $enableEvents, $enableAttributes, $enableStyles ); echo ''; echo ''; echo ''; echo ''; array_push($randomNumbers, $row); array_push($codeBlocks, $code); $row++; } echo '

Pos	Tag selected	Event selected	Attribute selected	Quote Style	Tag Depth	Incomplete tags?	Random character used	Random ASCII Number	Code view
'.$row.'	'.$fuzzTag.'	'.$fuzzEvent.'	'.$fuzzAttribute.'	'.$fuzzQuoteStyle.'	'.$fuzzTagDepth.'	Yes	No	'.chr($charNum).'	'.$charNum.'	Send to Firebug

'; ; echo '

'; echo '

Fuzz display window

'; echo ''; } else { echo '

The javascript was not run because the data supplied was not allowed.

'; } ?>

Global options

Randomise all options?:

Run until javascript execution?:

HTML Tags

Select tag to fuzz: '.$tag.''; } ?> '.$case.''; } ?>

Enable events fuzz?

Event to fuzz: '.$event.''; } ?> '.$case.''; } ?>

Enable attributes fuzz?

Attribute to fuzz: '.$attribute.''; } ?> '.$case.''; } ?>

Styles

Enable style fuzz?

Style to fuzz: '.$style.''; } ?> '.$case.''; } ?>

Style Property to fuzz: '.$styleProperty.''; } ?> '.$case.''; } ?>

Style options: Brackets None Single Quotes Double Quotes Random

Other options

Character range
(Min 1, Max 127): From: To:

Quote style: No quotes Single quotes Double quotes Backticks Random character quotes

Tag depth: 1 2 3

Use incomplete tags:

Fuzz HTML tags:

Fuzz Javascript: in style and attributes:

Use random space/tabs?:

Subscribe to JSFuzz

Email:

Visit this group