Comprehensive Thread on Web App Fuzzing!
What is web fuzzing?
How can web fuzzing be super useful in Bug Bounties or Pentest?
FFUF for Web Fuzzing?
↓
{1/16}
What is web fuzzing?
How can web fuzzing be super useful in Bug Bounties or Pentest?
FFUF for Web Fuzzing?
↓
{1/16}
Fuzzing is generally finding bugs/issues using automated scanning with supplying unexpected data into an application then monitoring it for exceptions/errors/stacktraces.
The motive is to supply superfluous data to trigger exceptions and see if it could lead to issue.
{2/16}
The motive is to supply superfluous data to trigger exceptions and see if it could lead to issue.
{2/16}
Fuzzing is since several years and has been done is different ways.
The term "fuzz" originated from a fall 1988 class project in the graduate Advanced Operating Systems class (CS736), taught by Prof. Barton Miller at the University of Wisconsin.
{3/16}
The term "fuzz" originated from a fall 1988 class project in the graduate Advanced Operating Systems class (CS736), taught by Prof. Barton Miller at the University of Wisconsin.
{3/16}
Fuzzing Web Applications :
Web application fuzzing is basically fuzzing web applications to expose common web vulnerabilities which are mentioned in @owasp Top 10.
{4/16}
Web application fuzzing is basically fuzzing web applications to expose common web vulnerabilities which are mentioned in @owasp Top 10.
{4/16}
Steps:
1. Decide the web app type/tech stack (php,aspx,jsp)
2. Check data injection points (input points)
3. fuzzing payloads (fuzzing dictionaries, encoded payloads, superfluous data )
4. Observing the application.
{5/16}
1. Decide the web app type/tech stack (php,aspx,jsp)
2. Check data injection points (input points)
3. fuzzing payloads (fuzzing dictionaries, encoded payloads, superfluous data )
4. Observing the application.
{5/16}
Tools:
FFUF
Wfuzz
Owasp ZAP
Burp suite
boofuzz
{6/16}
FFUF
Wfuzz
Owasp ZAP
Burp suite
boofuzz
{6/16}
Web App Fuzzing using FFUF:
FFUF is a command-line tool for web fuzzing on a web server by author @joohoi written in go.
• Install :
• go get -u github.com/ffuf/ffuf
• apt install ffuf
• ffuf -h
{7/16}
FFUF is a command-line tool for web fuzzing on a web server by author @joohoi written in go.
• Install :
• go get -u github.com/ffuf/ffuf
• apt install ffuf
• ffuf -h
{7/16}
FFUF Fuzzing :
• Simple Attack
ffuf -u test.com/FUZZ/ -w file.txt
• Simple Attack with multiple wordlists & silent
ffuf -u test.com/W2/W1/ -w dict1.txt:W1 -w dict2.txt:W2 -s
• With extensions
ffuf -u test.com -w file.txt -e .php
{8/16}
• Simple Attack
ffuf -u test.com/FUZZ/ -w file.txt
• Simple Attack with multiple wordlists & silent
ffuf -u test.com/W2/W1/ -w dict1.txt:W1 -w dict2.txt:W2 -s
• With extensions
ffuf -u test.com -w file.txt -e .php
{8/16}
FFUF Fuzzing :
• POST based
ffuf -request file.txt -request-proto http -mode clusterbomb -w 1.txt:H1 -w 2.txt:H2 -mc 200
•Matching Status Code:
ffuf -u test.com -w file.txt -mc 200
•Matching Lines:
ffuf -u test.com -w file.txt -ml 10
{9/16}
• POST based
ffuf -request file.txt -request-proto http -mode clusterbomb -w 1.txt:H1 -w 2.txt:H2 -mc 200
•Matching Status Code:
ffuf -u test.com -w file.txt -mc 200
•Matching Lines:
ffuf -u test.com -w file.txt -ml 10
{9/16}
• Matching Words
ffuf -u test.com -w file.txt -mw 10
• Matching Size
ffuf -u test.com -w file.txt -ms 1337
• Matching Regexp
ffuf -u test.com -w file.txt -mr "root:x"
{10/16}
ffuf -u test.com -w file.txt -mw 10
• Matching Size
ffuf -u test.com -w file.txt -ms 1337
• Matching Regexp
ffuf -u test.com -w file.txt -mr "root:x"
{10/16}
Filter Usage :
• Filter Code (Remove 404 from results)
ffuf -u test.com -w file.txt -fc 404
• Filter Lines (Remove length from results)
ffuf -u test.com -w file.txt -fl 1337
{11/16}
• Filter Code (Remove 404 from results)
ffuf -u test.com -w file.txt -fc 404
• Filter Lines (Remove length from results)
ffuf -u test.com -w file.txt -fl 1337
{11/16}
• Filter Size (Filter size from results)
ffuf -u test.com -w file.txt -fs 1337
• Filter Words (Filter size from results)
ffuf -u test.com -w file.txt -fw 1337
• Filter Regexp
ffuf -u test.com -w file.txt -fr 1337
{12/16}
ffuf -u test.com -w file.txt -fs 1337
• Filter Words (Filter size from results)
ffuf -u test.com -w file.txt -fw 1337
• Filter Regexp
ffuf -u test.com -w file.txt -fr 1337
{12/16}
• Add Delay in each requests ( in seconds)
ffuf -u test.com -w file.txt -p 3
• Request Rate Limits ( requests/seconds)
ffuf -u test.com -w file.txt -rate 1337
• Threads Limits
ffuf -u test.com -w file.txt -t 1337
{13/16}
ffuf -u test.com -w file.txt -p 3
• Request Rate Limits ( requests/seconds)
ffuf -u test.com -w file.txt -rate 1337
• Threads Limits
ffuf -u test.com -w file.txt -t 1337
{13/16}
Output Usage:
• O/P in HTML
ffuf -u test.com -w file.txt -o file.html -of html
• O/P in CSV
ffuf -u test.com -w file.txt -o file.csv -of csv
• O/P in CSV (all formats)
ffuf -u test.com -w file.txt -o file -of all
{14/16}
• O/P in HTML
ffuf -u test.com -w file.txt -o file.html -of html
• O/P in CSV
ffuf -u test.com -w file.txt -o file.csv -of csv
• O/P in CSV (all formats)
ffuf -u test.com -w file.txt -o file -of all
{14/16}
Misc Usage:
• Timeout Requests
ffuf -u test.com -w file.txt -timeout 3
• Host Header
ffuf -u test.com -w file.txt -H "HOST: FUZZ.test.com"
• Recursion ( To recursively fuzz)
ffuf -u test.com -w file.txt -recursion
{15/16}
• Timeout Requests
ffuf -u test.com -w file.txt -timeout 3
• Host Header
ffuf -u test.com -w file.txt -H "HOST: FUZZ.test.com"
• Recursion ( To recursively fuzz)
ffuf -u test.com -w file.txt -recursion
{15/16}
Misc Usage:
• Replay Proxy (Send requests to burp suite)
ffuf -u test.com -w file.txt -replay-proxy http://127.0.0.1:8080
📽 Video Resources:
{16/16}
• Replay Proxy (Send requests to burp suite)
ffuf -u test.com -w file.txt -replay-proxy http://127.0.0.1:8080
📽 Video Resources:
{16/16}
• • •
Missing some Tweet in this thread? You can try to
force a refresh
