Fuzz test (framework) web application?

Question

Are there frameworks that can perform fuzztesting on WebApplications? I know that Selenium and WebDriver are used to build tests for web-applications,

Answer 1

Unfortunately there is (now = September 2013) almost no general purpose Fuzz testing tool using Selenium. But luckily you could implement your own specialized fuzz tool.

Requirements:

• Knowledge of Selenium RC/WebDriver
• Some programming skill in a language that Webdriver supports
• Good structure of your HTML elements, so that you could easily focus your fuzzing. One good practice, regardless the old (messy ?) structure of your HTML pages, is to add a specific id, e.g. selenium-id to your HTML element, to (1) simplify XPath formation, (2) speed up XPath resolution and (3) to avoid translation hassle. While choosing the value for these newly added selenium-id, you are free to help iterating while fuzzing by (a) using consecutive numbers, (b) using names that forms a consistency.

I have written more extensively on this Fuzz Selenium test in here

Answer 2

As the post tagged "javascript", I'm adding here Gremlins.js which is a testing/fuzzing framework written for Node and browsers. Surprised no one mentioned it yet.

Answer 3

I was curious about this as well since we use Selenium/Java here at my office, and did some digging of my own. I found a few links that may be useful to you:

Fuzz Testing - IBM - I suspect you may have already found this link though.

Monkey Fuzz Testing - I know, I know... it's .NET. BUT, it may give you some good ideas as to how to implement it on your end.

Stephen Coldebourne's Blog - This was a great read; well worth your time.

JBroFuzz - This is pretty awesome. That is all.

Answer 4

Some new JS Fuzz testing NPM modules now existing. Sadly, many are not widely used, so expect them to need some polish or TLC.

• fuzzer
• sorrow
• javascript-fuzz
• fuzzur