Wadi is web browser grammar-based fuzzer. Grammars are used to describe how browsers should process web content, Wadi turns that around and uses grammars to break browsers.
Wadi is a Fuzzing module to use with NodeFuzz fuzzing Harness and utilizes AddressSanitizer(ASan) for instrumentation on Linux and Mac OSX.
Running Wadi is relatively simple:
- Perform a git clone from our Wadi Github page
- After installing NodeFuzz and downloading the ASan version of FireFox or Chrome, place the “WADI-Module.js” and “randoms.js” files in the modules directory
- Replace the “config.js” in the root NodeFuzz Directory with the modified one.
- run using #node nodefuzz.js -m ./modules/Git/WADI-Module.js -c ./config.js chrome
Wadi In Action
The following video shows how Wadi can be run. If you have any questions about using Wadi, drop us a mail