├── README.md
├── background.js
├── manifest.json
├── marketing
    ├── fuzzerDemo.gif
    ├── ic_launcher.png
    ├── ic_launcher
    │   ├── res
    │   │   ├── 128x128
    │   │   │   └── ic_launcher.png
    │   │   ├── mipmap-hdpi
    │   │   │   └── ic_launcher.png
    │   │   ├── mipmap-mdpi
    │   │   │   └── ic_launcher.png
    │   │   ├── mipmap-xhdpi
    │   │   │   └── ic_launcher.png
    │   │   ├── mipmap-xxhdpi
    │   │   │   └── ic_launcher.png
    │   │   └── mipmap-xxxhdpi
    │   │   │   └── ic_launcher.png
    │   └── web_hi_res_512.png
    ├── replaceLinksDemo.gif
    ├── screenShot.PNG
    └── tileImage.jpg
├── popup.html
└── popup.js


/README.md:
--------------------------------------------------------------------------------
 1 | # Lazy Fuzzer
 2 | 
 3 | ## Context menu
 4 |  
 5 |   Right click on any input field, hover over "Lazy Fuzzer", and select the payload you would like to inject.
 6 | 
 7 | ## Extension Menu
 8 |  
 9 |  Click on the LF icon and select any of the available options.
10 | 
11 |    * Current features
12 |       * *Replace links:* Replaces all href links on the page with their actual values for easier analysis.
13 |           * *Note:* This will break some links, so a refresh is likely needed to navigate most links starting with '#'
14 | 
15 | 
16 | ## Help
17 |   <a href="http://superuser.com/questions/247651/how-does-one-install-an-extension-for-chrome-browser-from-the-local-file-system">How to load an unpacked extension</a>
18 |   
19 |   Or download from the <a href="https://chrome.google.com/webstore/detail/lazy-fuzzer/ghmopjhkkcjplianfnijfdjjaacmbkan">Chrome Web Store</a>
20 | 
21 | ## Demos
22 | ### Fuzzing
23 |  <img src="marketing/fuzzerDemo.gif"/>
24 |  
25 | ### Replace Links
26 |  <img src="marketing/replaceLinksDemo.gif"/>
27 | 


--------------------------------------------------------------------------------
/background.js:
--------------------------------------------------------------------------------
 1 | // The onClicked callback function.
 2 | function onClickHandler(info, tab) {
 3 |     //For CSV injection and such that require " and '
 4 |     var id = info.menuItemId.replace(/'/g, "\\'").replace(/"/g, '\\"');
 5 |     //Insert the value into the currently selected text field
 6 |     chrome.tabs.executeScript({
 7 |         code: 'document.activeElement.value =\'' + id + '\''
 8 |     })
 9 | };
10 | 
11 | chrome.contextMenus.onClicked.addListener(onClickHandler);
12 | 
13 | // Set up context menu tree at install time.
14 | chrome.runtime.onInstalled.addListener(function() {
15 |     //Top level menus
16 |     createContext('XSS');
17 |     createContext('SQLi');
18 |     createContext('CSVi');
19 |     //Sub menus
20 |     createContext('<b>test</b>', 'XSS');
21 |     createContext('<script>alert()</script>', 'XSS');
22 |     createContext('\' or 1=1 -- ', 'SQLi');
23 |     createContext('\' and 1=2 -- ', 'SQLi');
24 |     createContext("\",=cmd|\'/c calc\'!\'c3\',\"", 'CSVi');
25 | });
26 | 
27 | //Payload will be the title value
28 | //If it's a child menu the parent id must be passed in
29 | function createContext(title, parent) {
30 |     if (parent) {
31 |         chrome.contextMenus.create({
32 |             "title": title,
33 |             "parentId": parent,
34 |             "id": title,
35 |             "contexts": ['editable']
36 |         });
37 |     } else {
38 | 
39 |         chrome.contextMenus.create({
40 |             "title": title,
41 |             "id": title,
42 |             "contexts": ['editable']
43 |         });
44 |     }
45 | }
46 | 


--------------------------------------------------------------------------------
/manifest.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "Lazy Fuzzer",
 3 |     "description": "Help with fuzzing various input fields",
 4 |     "version": "1.0",
 5 |     "permissions": ["contextMenus", "activeTab", "http://*/*", "https://*/*"],
 6 |     "background": {
 7 |         "persistent": false,
 8 |         "scripts": ["background.js"]
 9 |     },
10 |     "icons": {
11 |         "48": "marketing/ic_launcher.png"
12 |     },
13 |     "browser_action": {
14 |         "default_title": "Lazy Fuzzer",
15 |         "default_popup": "popup.html"
16 |     },
17 |     "manifest_version": 2,
18 |     "content_security_policy": "script-src 'self' https://ajax.googleapis.com; object-src 'self'"
19 | }
20 | 


--------------------------------------------------------------------------------
/marketing/fuzzerDemo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/fuzzerDemo.gif


--------------------------------------------------------------------------------
/marketing/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/ic_launcher.png


--------------------------------------------------------------------------------
/marketing/ic_launcher/res/128x128/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/ic_launcher/res/128x128/ic_launcher.png


--------------------------------------------------------------------------------
/marketing/ic_launcher/res/mipmap-hdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/ic_launcher/res/mipmap-hdpi/ic_launcher.png


--------------------------------------------------------------------------------
/marketing/ic_launcher/res/mipmap-mdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/ic_launcher/res/mipmap-mdpi/ic_launcher.png


--------------------------------------------------------------------------------
/marketing/ic_launcher/res/mipmap-xhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/ic_launcher/res/mipmap-xhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/marketing/ic_launcher/res/mipmap-xxhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/ic_launcher/res/mipmap-xxhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/marketing/ic_launcher/res/mipmap-xxxhdpi/ic_launcher.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/ic_launcher/res/mipmap-xxxhdpi/ic_launcher.png


--------------------------------------------------------------------------------
/marketing/ic_launcher/web_hi_res_512.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/ic_launcher/web_hi_res_512.png


--------------------------------------------------------------------------------
/marketing/replaceLinksDemo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/replaceLinksDemo.gif


--------------------------------------------------------------------------------
/marketing/screenShot.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/screenShot.PNG


--------------------------------------------------------------------------------
/marketing/tileImage.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JacobReynolds/LazyFuzzer/8772cdfd016221c5a1f6ef9a3558df42daea618d/marketing/tileImage.jpg


--------------------------------------------------------------------------------
/popup.html:
--------------------------------------------------------------------------------
 1 | <html>
 2 | 
 3 | <head>
 4 |   <style>
 5 |   body {
 6 |     width: 200px;
 7 |   }</style>
 8 | </head>
 9 | 
10 | <body>
11 |     <h1>Lazy Fuzzer</h1>
12 |     <h2>DOM Manipulation</h2>
13 |     <ul><li><button id="replaceLinks">Replace links</button></li></ul>
14 | 
15 | </body>
16 | <script type="text/javascript" src="popup.js"></script>
17 | 
18 | </html>
19 | 


--------------------------------------------------------------------------------
/popup.js:
--------------------------------------------------------------------------------
 1 | //Onload click handler, since CSP prevents onClick
 2 | window.addEventListener('load', function() {
 3 |         document.getElementById('replaceLinks').addEventListener('click', replaceLinks, false);
 4 |     }) //Run a command in the current tab
 5 | 
 6 | function executeCode(input) {
 7 |     chrome.tabs.executeScript({
 8 |         code: input
 9 |     });
10 | }
11 | 
12 | //Replace all hyperlinks with their actual link
13 | function replaceLinks() {
14 |     executeCode('document.body.innerHTML = document.body.innerHTML.replace(/(<a.*?href=")([^\\\'\\"]+)(\".*?>)([\\D\\d]*?)(<\\/a>)/g, \'$1$2$3$2$5\')')
15 | }
16 | 


--------------------------------------------------------------------------------