Shazzer - Shared online fuzzing

- Home
- Blog
  - Blog home
  - RSS
- Login
- Vectors
- Cheat sheet
- Unicode table
- Help
- Home
- Blog
  - Blog home
  - RSS
- Login
- Vectors
- Cheat sheet
- Unicode table
- Help

Shazzer
Shared online fuzzer

Fuzzing browsers since 2012

Made by Gareth Heyes
Follow me on Twitter: @garethheyes

New users

pablosobrerobdo hocnc hipotermiahacks fishystock dulphMain dandh811 Serizao-bzhunt t0t048 LEEjieiun nullkrypt jonathanlevy-imper xkmikze L3ster1337 ixSly fiansodesmines x6vrn santaonbeach MbarekYta sumeet-darekar slandren

Popular users

hackvertor (38)renniepak (9)JorianWoltjer (6)joaxcar (5)albinowax (5)RenwaX23 (4)0x999-x (4)masatokinugawa (3)d0ge (2)hansmach1ne (2)AyushXtha (2)freddyb (1)B-i-t-K (1)ThomasOrlita (1)koto (1)DreyAnd (1)jonathann403 (1)securaji (1)InsertScript (1)K4r1it0 (1)

Recently updated vectors

Characters that cause the backslash to be consumed with GBK charset URL scheme separator alternatives Characters appended at the end of PORT within URL, which yield a different HOST Characters before custom tag Characters encoded by encodeURIComponent()Characters encoded by encodeURI()Characters encoded by escape()encodeURI() not encoded with %Characters allowed after throw statement Characters allowed either side of a variable assignment Characters allowed after a bigint Characters allowed inside javascript protocol and still returns the hostname Characters ignored following slash in self closing tag Characters cause self closing tag masato - braves parsing finding valid characters Closing title tag name separators dsqd

New vectors

Valid space characters in a regex Unicode "Latin" characters using \p{scx=Latin} RegEx Characters matching RegEx /\w/ui Characters allowed in between // in absolute URL characters between function name and parentheses Characters allowed begin from a forward slash character in javascript protocol Characters allowed while closing script tag Characters after https URI scheme which prevent URL parsing of href chars before img tags Chars allowed before style attribute...Characters allowed before after onerror events Electron XSS TEST Characters allowed in between @import dsqd Closing title tag name separators masato - braves parsing finding entity test masato - braves parsing finding valid characters masato - braves parsing finding valid attributes masato - braves parsing finding Named HTML entities that can be closed with !

Most popular

URL domain dot alternatives (6.5k)Characters allowed javascript and colon (6.2k)JavaScript Scheme starting with https:// (6.2k)Characters allowed between hostname and / but don't change the hostname (5.3k)Characters between < and element name (5.3k)Characters that can precede the javascript protocol (5k)DOM element relationships (5k)HTML entities that create ASCII characters inside a JavaScript URL (4.7k)characters allowed between exclamation mark and greater then (4.6k)Characters allowed javascript and colon copy2 (4.5k)< removal bypass (4.2k)Characters appended at the end of TLD within URL, which yield in the same Origin (3.8k)Characters that close or encapsulate HTML attribute values (3.7k)Character that closes HTML tag (3.7k)Characters that cause exceptions when URL encoded (3.6k)Entities that cause an external URL before @ (3.5k)Unicode characters that get normalized into path traversal characters (3.4k)Characters allowed between multiple HTML attributes (3.4k)Includes Validation Chars Allowed (3.4k)Characters allowed after hostname but don't change the hostname (3.4k)

Most liked

URL domain dot alternatives (5)JavaScript Scheme starting with https:// (4)Characters allowed between hostname and / but don't change the hostname (4)Characters allowed between multiple HTML attributes (4)HTML entities that create ASCII characters inside a JavaScript URL (4)Entities that cause an external URL before @ (4)Characters that cause an external URL before @ (3)Characters allowed inside javascript protocol and still returns the hostname (3)Characters allowed while closing script tag (3)Characters allowed javascript and colon (3)Characters that can precede the javascript protocol (3)Characters that cause exceptions when URL encoded (2)Properties that contain URLs (2)Characters allowed after hostname but don't change the hostname (2)Unicode characters that get normalized into path traversal characters (2)Characters that can start an HTML comment (2)HTML elements that are self closing or different text content (2)Characters appended at the end of TLD within URL, which yield in the same Origin (2)Characters allowed in-between operators (2)Characters that can be used as valid labels in JavaScript (2)

disconnected

Distributed Fuzzing

Enabled:

Status:disconnected

Your browser automatically contributes to distributed fuzzing when idle.