Project Setup (Java API fuzzing)

Fuzzing Java APIs with Jazzer

Jazzer is a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It is based on libFuzzer and brings many of its instrumentation-powered mutation features to the JVM.

The JVM bytecode is executed inside the fuzzer process, which ensures fast execution speeds and allows seamless fuzzing of native libraries.

Jazzer is integrated into CI Fuzz. You can use it with the CI Fuzz VSCode plugin or the CI Fuzz web interface.

Jazzer is available as open source on GitHub.

As an example project we use the OWASP json-sanitizer, in which we discovered multiple vulnerabilities.
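To show what a Jazzer fuzz target for this project looks like, here is an added example that is not taken from the page, from Jazzer or from the json-sanitizer project. It assumes the Jazzer API jar, json-sanitizer and Gson are on the classpath; the three properties it checks (no crash, well-formed output, idempotence) are choices made for this example, and Gson serves only as an independent JSON parser.

```java
// Added example: a Jazzer fuzz target for OWASP json-sanitizer.
// Assumes com.code_intelligence.jazzer:jazzer-api, json-sanitizer and Gson
// are available on the classpath.
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import com.google.json.JsonSanitizer;

public class JsonSanitizerFuzzer {

  // Jazzer calls this entry point once per mutated input. Any uncaught
  // exception is reported as a finding together with the reproducing input.
  public static void fuzzerTestOneInput(FuzzedDataProvider data) {
    String input = data.consumeRemainingAsString();

    // Property 1: the sanitizer must not throw on arbitrary input. A plain
    // call already covers this, because Jazzer treats uncaught exceptions
    // as findings.
    String output = JsonSanitizer.sanitize(input);

    // Property 2 (chosen for this example): the output must be well-formed
    // JSON. Gson is an independent parser here; a JsonSyntaxException turns
    // a silently malformed output into a finding with the triggering input.
    try {
      JsonParser.parseString(output);
    } catch (JsonSyntaxException e) {
      throw new IllegalStateException(
          "sanitize() produced invalid JSON for input: " + input, e);
    }

    // Property 3 (chosen for this example): sanitizing is idempotent, so
    // re-sanitizing an already sanitized document must not change it.
    String again = JsonSanitizer.sanitize(output);
    if (!output.equals(again)) {
      throw new IllegalStateException(
          "sanitize() is not idempotent for input: " + input);
    }
  }
}
```

With the open-source Jazzer release the target is started with `jazzer --cp=<classpath> --target_class=JsonSanitizerFuzzer`; in CI Fuzz the same class is picked up as a fuzz test.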