First of all, Happy new hacking year everyone 😉

I got asked multiple time if fuzzing WebAssembly APIs of Javascript engines is complicated, so here is a short tutorial using Dharma (but you can use Domato if you prefer).

In this blogpost, I will first detailed WebAssembly Javascript APIs supported by major browsers. Then, I’ll explains how to use Dharma to generate valid Javascript file to fuzz WebAssembly APIs. Finally, I’ll show an easy way to execute those generated testcases over ASAN build of Chrome/V8 engine.

Just a quick reminder before we start, if you are interested about WebAssembly security and fuzzing WebAssembly Browsers/VMs, I decided to convert my 4-day live training into recorded courses.

More details here.