This repository contains the source code for NetSurf 3.11 from https://www.netsurf-browser.org/, and the supporting material for our bachelor thesis "Uncovering Software Vulnerabilities Using Source Code Analysis and Fuzzing".
To build the project with nix, simply run `nix develop`. Provided you have nix installed, this will build the project from our flake and drop you into a shell with `netsurf-fb`, `netsurf-gtk` and `pwndbg`/`gdb` in your `$PATH`. The different nix builds are described in `./flake.nix`.
The directory `./netsurf-nix` is based on https://github.com/NixOS/nixpkgs/tree/4c947c7337440843ba521c266277a161286e26a4/pkgs/applications/networking/browsers/netsurf, but contains the modifications described in the next section.
We have used Domato to test the DOM handling in NetSurf. Our set of 1000 generated files is saved in `./domato_inputs`. Our scripts for generating and sorting files with Domato are saved in `./fuzzing`. The breakdown of the different crashes and timeouts is saved in `./domato_fuzzing` (JavaScript enabled) and `./domato_fuzzing_nojs` (JavaScript disabled).
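The sorting step above (running every generated file through the browser and bucketing the result as clean, crash or timeout) looks roughly like the following. This is an added illustration, not one of the repository's own `./fuzzing` scripts. It assumes the target is invoked with an AFL++-style `@@` placeholder, which is replaced by a `file://` URL because NetSurf takes a URL on its command line, and that the browser exits on its own once the page has loaded (the `QUIT_WHEN_DONE` build); without that, every input would be reported as a timeout. The `demo()` targets are constructed stand-ins (a shell that exits cleanly, one that kills itself with SIGSEGV, and `sleep`) so the example runs offline.

```python
"""Run one command over a directory of generated inputs and bucket each
input by outcome: clean exit, death by signal, non-zero exit or timeout."""
import shutil
import signal
import subprocess
import sys
import tempfile
from pathlib import Path


def build_cmd(cmd_template, input_path):
    """Substitute the AFL++-style '@@' placeholder with a file:// URL
    (assumption: the target, like nsfb, wants a URL rather than a path)."""
    url = Path(input_path).resolve().as_uri()
    return [url if arg == "@@" else arg for arg in cmd_template]


def classify(cmd_template, input_path, timeout=10.0):
    """Return 'ok', 'timeout', 'exit-N' or 'crash-SIGNAME' for one input."""
    cmd = build_cmd(cmd_template, input_path)
    try:
        proc = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"  # subprocess.run has already killed the child
    if proc.returncode < 0:  # killed by a signal, e.g. SIGSEGV or SIGABRT
        return "crash-" + signal.Signals(-proc.returncode).name
    if proc.returncode == 0:
        return "ok"
    return "exit-%d" % proc.returncode


def triage(cmd_template, input_dir, out_dir, timeout=10.0):
    """Classify every file in input_dir and copy it to out_dir/<bucket>/.
    Returns {bucket: [file names]} so the breakdown can be inspected."""
    results = {}
    for path in sorted(Path(input_dir).iterdir()):
        if not path.is_file():
            continue
        bucket = classify(cmd_template, path, timeout)
        dest = Path(out_dir) / bucket
        dest.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest / path.name)
        results.setdefault(bucket, []).append(path.name)
    return results


def demo():
    """Constructed stand-ins for the browser so the example runs offline:
    a clean exit, a SIGSEGV death and a hang. Returns {target: buckets}."""
    work = Path(tempfile.mkdtemp(prefix="triage-"))
    inputs = work / "inputs"
    inputs.mkdir()
    (inputs / "0001.html").write_text(
        "<html><body>constructed sample input</body></html>\n")
    targets = {
        "clean": ["sh", "-c", "exit 0", "sh", "@@"],
        "segv": ["sh", "-c", "kill -s SEGV $$", "sh", "@@"],
        "hang": ["sleep", "30"],
    }
    return {name: triage(cmd, inputs, work / "out" / name, timeout=0.5)
            for name, cmd in targets.items()}


if __name__ == "__main__":
    # Usage: python triage.py ./domato_inputs ./sorted -- nsfb -f sdl @@
    if "--" in sys.argv and len(sys.argv) >= 5:
        sep = sys.argv.index("--")
        breakdown = triage(sys.argv[sep + 1:], sys.argv[1], sys.argv[2])
    else:
        breakdown = demo()
    for bucket, files in sorted(breakdown.items()):
        print("%-20s %s" % (bucket, files if isinstance(files, list) else len(files)))
```

The signal name in the bucket is the first thing worth looking at: SIGSEGV and SIGBUS point at memory safety bugs, SIGABRT usually means an assertion or allocator check fired, and `exit-N` buckets are often the browser refusing the input rather than a bug. The copied files keep their names so a bucket can be fed straight back into a debugger session.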
This repository contains some modifications for fuzzing NetSurf with AFL++. These include new preprocessor definitions for exiting automatically once the page is fully loaded (`QUIT_WHEN_DONE`) and for always enabling JavaScript, even in framebuffer mode (`FORCE_ENABLE_SCRIPTING`). These options are used in `./netsurf-nix/browser.nix`, and the basic usage is shown in `./flake.nix`.
To start fuzzing on any machine with docker, the `Dockerfile` and `docker-compose.yml` include everything required to get started fuzzing on multiple cores. In general, you should read https://aflplus.plus/docs/fuzzing_in_depth/ before starting.
- Choose or generate an input corpus, and place it in `fuzzing/inputs_x`. E.g. `cp -r ./fuzzing/inputs_1 ./fuzzing/inputs_x`.
- Create the directory `./fuzzing-output` to store AFL++'s state, IPC files and findings.
- Select the number of instances to run. Each instance consumes approximately 1 CPU core.
- (Optional) Set your CPU performance settings according to https://afl-1.readthedocs.io/en/latest/tips.html
- Start fuzzing with `docker compose up -d --build --scale afl-worker=X`, where X is the desired number of cores minus 1 (the "master" process also fuzzes on one core).
- Check the status of the fuzzers with `docker logs -f --tail 50 netsurf-all-afl-master-1`, `docker logs -f --tail 50 netsurf-all-afl-worker-1` and so on.
Crashes and hangs will be saved in `./fuzzing-output`, and the containers should automatically resume from that state after being stopped and started again (`docker compose stop` and `docker compose start`).

Note: more details, including all required dependencies, exist in `./Dockerfile.debian`.
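For readers who want to reproduce the master/worker layout without docker, the following added example shows what the compose scaling amounts to on bare metal: one AFL++ main instance (`-M`) and N-1 secondaries (`-S`) sharing a sync directory, resuming with `-i -` when the output directory already holds state, plus a reader for the per-instance `fuzzer_stats` files that `docker logs` would otherwise show you. This is illustration code, not the repository's `docker-compose.yml` or any of its scripts. The AFL++ flags (`-M`, `-S`, `-i -`, `-o`), the `AFL_NO_UI` variable and the `fuzzer_stats` key names are AFL++'s; the target arguments `nsfb -f sdl @@` are an assumption, and `demo()` writes constructed stats files rather than running a real campaign.

```python
"""Plan/launch one AFL++ main instance plus secondaries sharing an output
directory, and summarise their fuzzer_stats files."""
import os
import subprocess
import tempfile
from pathlib import Path


def afl_cmd(index, in_dir, out_dir, target, resume=False):
    """Command line for instance `index`: 0 is the main (-M) instance, the
    rest are secondaries (-S). All share out_dir so they sync test cases.
    With resume=True, '-i -' tells afl-fuzz to continue from out_dir."""
    role = ["-M", "main"] if index == 0 else ["-S", "worker-%d" % index]
    return (["afl-fuzz"] + role
            + ["-i", "-" if resume else str(in_dir), "-o", str(out_dir), "--"]
            + list(target))


def plan(cores, in_dir, out_dir, target, resume=False):
    """One command per core: main on core 0, cores-1 secondaries, which is
    what `--scale afl-worker=X` with X = cores - 1 amounts to."""
    if cores < 1:
        raise ValueError("need at least one core")
    return [afl_cmd(i, in_dir, out_dir, target, resume) for i in range(cores)]


def launch(cores, in_dir, out_dir, target, dry_run=True):
    """Start the instances, resuming if out_dir already holds AFL++ state.
    Returns the planned commands; processes are only spawned when
    dry_run is False."""
    resume = (Path(out_dir) / "main" / "fuzzer_stats").exists()
    cmds = plan(cores, in_dir, out_dir, target, resume)
    env = dict(os.environ, AFL_NO_UI="1")  # plain log output, like docker logs
    for cmd in cmds:
        print(" ".join(cmd))
        if not dry_run:
            subprocess.Popen(cmd, env=env)
    return cmds


def read_stats(out_dir):
    """Parse out_dir/<instance>/fuzzer_stats ('key : value' per line)
    into {instance: {key: value}}."""
    stats = {}
    for f in sorted(Path(out_dir).glob("*/fuzzer_stats")):
        entries = {}
        for line in f.read_text().splitlines():
            if ":" in line:
                key, value = line.split(":", 1)
                entries[key.strip()] = value.strip()
        stats[f.parent.name] = entries
    return stats


def summarize(stats):
    """Totals across instances; accepts both the AFL++ 4.x key names
    (saved_*) and the older unique_* names."""
    crashes = hangs = 0
    for s in stats.values():
        crashes += int(s.get("saved_crashes", s.get("unique_crashes", 0)))
        hangs += int(s.get("saved_hangs", s.get("unique_hangs", 0)))
    return {"instances": len(stats), "crashes": crashes, "hangs": hangs}


def demo():
    """Constructed output directory with two instances' fuzzer_stats files
    (not real campaign data) to show what read_stats/summarize report."""
    out = Path(tempfile.mkdtemp(prefix="afl-out-"))
    fake = {"main": ("2", "1", "311.2"), "worker-1": ("1", "0", "298.7")}
    for name, (crashes, hangs, eps) in fake.items():
        (out / name).mkdir()
        (out / name / "fuzzer_stats").write_text(
            "fuzzer_pid        : 4242\n"
            "execs_per_sec     : %s\n"
            "saved_crashes     : %s\n"
            "saved_hangs       : %s\n" % (eps, crashes, hangs))
    return summarize(read_stats(out))


if __name__ == "__main__":
    launch(4, "fuzzing/inputs_x", "fuzzing-output", ["nsfb", "-f", "sdl", "@@"])
    print(demo())
```

Only the main instance does deterministic stages, so starting several `-M` instances wastes cores; everything else should be `-S`. Once a campaign is running, `afl-whatsup -s fuzzing-output` gives the same per-instance overview as `read_stats` above.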
```sh
$ TARGET=framebuffer make -j 4
```

OR, to enable auto-exit:

```sh
$ TARGET=framebuffer make -j 4 USER_DEFINES=-DQUIT_WHEN_DONE
```

Then point `NETSURFRES` at the framebuffer resources and run the browser:

```sh
$ export NETSURFRES=/path/to/netsurf/frontends/framebuffer/res
$ ./netsurf/nsfb -f sdl https://news.ycombinator.com
$ ./netsurf/nsfb -v -f sdl file:///var/www/html/index.html
```
NetSurf is a compact graphical web browser which aims for HTML5, CSS and JavaScript support. This complete source package contains all the required NetSurf support libraries to build the browser.

The NetSurf project provides binary builds of releases for several platforms from the website, and the browser has been packaged in several distributions. This option may be more suitable for some users than compiling from source.

A simple "make" is sufficient to compile the browser with the default gtk toolkit selection. It depends upon the host system having a suitable toolchain for compiling C programs installed, along with GNU make, zlib, flex, bison and libjpeg. In addition to the core library dependencies it is strongly recommended that the libcurl, openssl and libpng libraries are present, or the browser will lack HTTP fetches, HTTPS fetches and PNG graphics support respectively. There are multiple GUI toolkits available which all have additional dependencies, e.g. the gtk browser frontend requires the gtk development libraries.