KameleonFuzz: evolutionary fuzzing for black-box XSS detection

Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz

Research output: Chapter in Book/Report/Conference proceeding > Conference Contribution (Conference Proceeding)

63 Citations (Scopus)


Fuzz testing consists of automatically generating and sending malicious inputs to an application in the hope of triggering a vulnerability. Fuzzing raises questions such as: Where to fuzz? Which parameter to fuzz? Where to observe its effects?
In this paper, we specifically address the questions: How to fuzz a parameter? How to observe its effects? To address these questions, we propose KameleonFuzz, a black-box Cross Site Scripting (XSS) fuzzer for web applications. KameleonFuzz can not only generate malicious inputs to exploit XSS, but also detect how close it is to revealing a vulnerability. The generation and evolution of malicious inputs are achieved with a genetic algorithm, guided by an attack grammar. A double taint inference, carried up to the browser parse tree, makes it possible to detect precisely whether an exploitation attempt succeeded.

Our evaluation shows no false positives and a high capability to reveal XSS: KameleonFuzz detects several vulnerabilities missed by other black-box scanners.
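The abstract's two central ideas, locating the injected (tainted) input in the browser parse tree and scoring how close a candidate is to an exploit, can be illustrated with a small parse-tree oracle. The following is an added example written for this page, not code from KameleonFuzz or its authors: it parses a server response with Python's html.parser, records every syntactic context in which a taint marker lands (text node, attribute value, attribute name, tag name, script body), and turns the most dangerous context into a coarse fitness score. The marker value `kmlfz7` and the sample responses are constructed.

```python
from html.parser import HTMLParser

# Output contexts ordered from inert to executing; the index doubles as a
# coarse "distance to exploitation" score usable as a fitness value.
CONTEXTS = ["absent", "text", "attr_value", "attr_name", "tag_name", "script"]

class TaintLocator(HTMLParser):
    """Records every parse-tree position where the taint marker appears."""

    def __init__(self, marker):
        # convert_charrefs=True: an escaped "&lt;marker&gt;" decodes into a
        # plain text node, so correctly encoded output scores as "text".
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.hits = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if self.marker in tag:
            self.hits.add("tag_name")
        for name, value in attrs:
            if self.marker in name:
                self.hits.add("attr_name")
            if value is not None and self.marker in value:
                self.hits.add("attr_value")
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self.marker in data:
            self.hits.add("script" if self._in_script else "text")

def taint_contexts(html, marker):
    """All contexts in which `marker` lands, least to most dangerous."""
    parser = TaintLocator(marker)
    parser.feed(html)
    parser.close()
    return sorted(parser.hits, key=CONTEXTS.index)

def closeness(html, marker):
    """0 = marker absent from the tree ... 5 = marker inside a script body."""
    found = taint_contexts(html, marker)
    return CONTEXTS.index(found[-1]) if found else 0

if __name__ == "__main__":  # constructed response; 'kmlfz7' is a hypothetical marker
    print(closeness('<a href="kmlfz7">x</a>', "kmlfz7"))  # 2
```

A fuzzer would feed each response through `closeness` and use the score to rank candidates, while a defender can run the same oracle over rendered pages to confirm that reflected input only ever reaches text nodes.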
Original language: English
Title of host publication: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy
Publisher: Association for Computing Machinery (ACM)
Number of pages: 12
ISBN (Print): 9781450322782
Publication status: Published - 1 Mar 2014
Event: CODASPY Data and Application Security and Privacy, 4th ACM Conference 2014 - San Antonio, Texas, United States
Duration: 1 Mar 2014 → …


Conference: CODASPY Data and Application Security and Privacy, 4th ACM Conference 2014
Country/Territory: United States
Period: 1/03/14 → …


