Distributed Fuzzing: Crowdsourced Browser Testing

Shazzer has always been about discovering browser quirks and security edge cases through fuzzing. Today, I'm excited to introduce a new feature that takes this to the next level: Distributed Fuzzing.

What is Distributed Fuzzing?

Distributed fuzzing allows every visitor to Shazzer to contribute their browser's computing power to help test vectors across different browsers and versions. When you visit Shazzer, your browser can automatically run fuzz tests in the background, contributing results back to the community.

This means vectors get tested across a much wider range of browsers, versions, and platforms than any single researcher could achieve alone.

How It Works

The system uses WebSockets via PartyKit to coordinate fuzzing tasks across connected browsers. Here's the flow:

1. Connection: When you visit Shazzer, your browser establishes a WebSocket connection to the fuzzing coordination server
2. Registration: Your browser reports its type (Chrome, Firefox, Safari, Edge), version, and platform
3. Task Distribution: The server identifies vectors that need testing for your specific browser and dispatches tasks
4. Execution: Your browser runs the fuzz test locally using the same engines that power manual fuzzing on Shazzer
5. Results: Results are sent back and stored, attributed to your browser type and version

The server intelligently tracks which browser/version combinations have already been tested for each vector, avoiding redundant work. It also detects when browser versions become outdated and schedules re-testing to catch behavioural changes in new releases.

What Gets Tested

The distributed system tests all three fuzzing modes:

• HTML Parsing: Testing how browsers parse and render HTML
• JavaScript Execution: Finding quirks in JavaScript syntax and behaviour
• XSS Vectors: Discovering cross-site scripting edge cases

Each test runs in a sandboxed environment within your browser, exactly as if you were running the vector manually.

Privacy and Control

Your browser only executes publicly available vectors - the same ones anyone can see and run on Shazzer. No personal data is collected or transmitted; only the fuzzing results (which characters/code points matched) along with your browser type and version.

You have full control: If you prefer not to participate, simply click the fuzzing status indicator in the bottom-right corner of the page and toggle the switch to disable distributed fuzzing. Your preference is saved locally and persists across sessions.

The Status Indicator

You'll notice a small status indicator in the bottom-right corner of the page:

• Green dot + "X fuzzers": Connected and ready, showing how many browsers are currently contributing
• Blue pulsing dot + "Fuzzing...": Your browser is actively running a fuzz test
• Gray dot + "disabled": Distributed fuzzing is turned off
• Yellow dot + "connecting": Establishing connection
• Red dot + "error": Connection issue

Click the indicator to see more details including a breakdown of connected browsers by type and the toggle to enable/disable participation.

Why Contribute?

Browser fuzzing is most valuable when we have comprehensive coverage across different browsers and versions. A quirk that exists in Chrome might not exist in Firefox. A behaviour that changed in Safari 17 might still be present in Safari 16.

By contributing your browser's idle cycles, you're helping build a more complete picture of browser behaviour that benefits the entire security research community. The results you help generate are available to everyone using Shazzer.

Technical Details

For those interested in the implementation:

• Coordination Server: PartyKit (WebSocket-based real-time coordination)
• Task Scheduling: Alarm-based polling that identifies vectors needing results for specific browsers
• Version Tracking: Results are stored per browser/version/platform/charset combination
• Staleness Detection: Browser results are considered outdated after major version increments, triggering re-testing

The system is designed to be lightweight - tasks are dispatched one at a time per browser, and the fuzzing engines are the same battle-tested code used for manual vector execution.

Get Involved

Simply by visiting Shazzer with distributed fuzzing enabled (the default), you're already contributing. Browse vectors, create your own, or just leave a tab open - your browser will help test vectors whenever idle tasks are available.

Together, we can build the most comprehensive database of browser fuzzing results available anywhere.

Happy fuzzing!