Comprehensive Thread on Web App Fuzzing!
What is web fuzzing?
How can web fuzzing be super useful in Bug Bounties or Pentests?
FFUF for Web Fuzzing?
↓
{1/16}
Fuzzing is generally finding bugs/issues through automated scanning: supplying unexpected data to an application and then monitoring it for exceptions, errors and stack traces.
The motive is to supply superfluous data to trigger exceptions and see whether they could lead to an issue.
{2/16}
Fuzzing has existed for several years and has been done in different ways.
The term "fuzz" originated from a fall 1988 class project in the graduate Advanced Operating Systems class (CS736), taught by Prof. Barton Miller at the University of Wisconsin.
{3/16}
Fuzzing Web Applications:
Web application fuzzing is fuzzing applied to web applications in order to expose the common web vulnerabilities listed in the @owasp Top 10.
{4/16}
Steps:
1. Decide the web app type/tech stack (PHP, ASPX, JSP)
2. Check the data injection points (input points)
3. Fuzz with payloads (fuzzing dictionaries, encoded payloads, superfluous data)
4. Observe the application.
{5/16}
Tools:
FFUF
Wfuzz
Owasp ZAP
Burp suite
boofuzz
{6/16}
Web App Fuzzing using FFUF:
FFUF is a command-line web fuzzer, written in Go by @joohoi, that fuzzes a web server.
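As an added example (not from this thread and not ffuf's own code), here is the "observe the application" step from above reduced to a small Python harness: it feeds a list of payloads into one input point and flags responses the way ffuf's matchers and filters do, by status code, by known error/stack-trace signatures in the body, and by response size differing from a benign baseline. The target is a constructed mock of a PHP search endpoint so it runs offline; the signature list and payload dictionary are constructed for illustration.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed (non-exhaustive) signatures of leaked exceptions/stack traces.
ERROR_SIGNATURES = [
    re.compile(r"Traceback \(most recent call last\)"),                  # Python
    re.compile(r"Fatal error:.*on line \d+"),                           # PHP
    re.compile(r"Exception in thread|at [\w.$]+\([\w]+\.java:\d+\)"),  # Java
    re.compile(r"Server Error in '.*' Application"),                    # ASP.NET
]

@dataclass
class Finding:
    payload: str
    status: int
    size: int
    reason: str

def fuzz_parameter(send: Callable[[str], tuple[int, str]], payloads: Iterable[str],
                   baseline_size: int, match_status=(500,)) -> list[Finding]:
    """Send each payload to one input point and record anything that deviates
    from normal behaviour: a matched status code, an error signature in the
    body, or a response size different from the baseline (cf. ffuf -mc / -fs)."""
    findings = []
    for p in payloads:
        status, body = send(p)
        if status in match_status:
            findings.append(Finding(p, status, len(body), f"status {status}"))
        elif any(sig.search(body) for sig in ERROR_SIGNATURES):
            findings.append(Finding(p, status, len(body), "error signature"))
        elif len(body) != baseline_size:
            findings.append(Finding(p, status, len(body), "response size changed"))
    return findings

# Constructed mock of a PHP search endpoint, standing in for a real HTTP request.
def mock_app(value: str) -> tuple[int, str]:
    if "'" in value:          # unhandled quote leaks a PHP fatal error to the client
        return 200, "Fatal error: Uncaught PDOException in /var/www/search.php on line 42"
    if len(value) > 256:      # oversized input crashes the handler
        return 500, "Internal Server Error"
    if "%00" in value:        # null byte is rejected with a different page
        return 400, "<html>Bad request</html>"
    return 200, "<html>No results</html>"

PAYLOADS = ["test", "'", "A" * 300, "%00"]   # constructed mini dictionary
BASELINE = len(mock_app("test")[1])          # size of a benign response

def run_demo() -> list[Finding]:
    return fuzz_parameter(mock_app, PAYLOADS, BASELINE)

if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.reason:<22} status={f.status} size={f.size} payload={f.payload[:20]!r}")
```

Against a real target the `send` callable would wrap an HTTP client; the three heuristics are the same ones you tune with ffuf's `-mc`, `-fs` and `-mr` options, and a baseline request with a harmless value is what keeps the size filter meaningful.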
PS: This is a list of questions I have come across, and questions faced by my students in their interviews.
Feel free to add more below 👇
1. What is your favourite OWASP Top 10 bug?
2. Explain your methodology. #infosec #bugbounty
3. CSRF vs SSRF
4. What can an attacker do with XSS?
5. What are the requirements for CSRF to happen?
6. What is the root cause of Clickjacking?
7. What is the difference between SAST & DAST?
8. Black/White/Grey Box Testing
9. What is a threat, a vulnerability, a risk?
10. What is the CIA Triad?
11. What are cookie attributes?
12. What are the most common business logic issues?
13. Questions on Burp Suite tabs
14. What are your favourite open source tools?
15. How will you protect against ransomware?
16. What is an XXE attack? Explain any payload.
17. SSRF, and what can be achieved with it?
18. How can we fix SQLi? #infosec
💡Manual:
GitHub dorking is finding leaks in the code pushed by the target organisation or its employees.
1. org: evilcorp[.]com
2. language:"bash" org:evilcorp[.]com
3. "target[.]com" language:python "secret" "password" "key" NOT docs NOT sandbox NOT test NOT fake