Wfuzz
-c : colorize the output
-z : set the payload type (list, num, etc.)
-d : set the data to be sent with the request
-H : set the headers to be sent with the request
-e : set the encoding for the payload (urlencode, hex, etc.)
-w : set the wordlist to be used for fuzzing
-p : set the number of concurrent connections
-t : set the timeout for each request
-s : set the delay between each request
-L : follow redirects
Payload types:
list : use a wordlist to fuzz the target
num : use a range of numbers to fuzz the target
alpha : use the alphabet to fuzz the target
alphanum : use a combination of numbers and letters to fuzz the target
hex : use hexadecimal values to fuzz the target
Use the "common.txt" wordlist to fuzz the "FUZZ" keyword:
wfuzz -c -z list,common.txt https://example.com/FUZZ
Use the range of numbers 1-10 to fuzz the "FUZZ" keyword:
wfuzz -c -z num,1-10 https://example.com/FUZZ
Use the alphabet to fuzz the "FUZZ" keyword:
wfuzz -c -z alpha https://example.com/FUZZ
Use a combination of numbers and letters to fuzz the "FUZZ" keyword:
wfuzz -c -z alphanum https://example.com/FUZZ
Use hexadecimal values to fuzz the "FUZZ" keyword:
wfuzz -c -z hex https://example.com/FUZZ
To specify a different output format, you can use the "-o" option followed by the format type. For example:
wfuzz -c -w common.txt -o json https://example.com/FUZZ
This command tells wfuzz to display the results in JSON format. Other output formats include XML, HTML, CSV, and YAML
VHOST DISCOVERY
[Note:] --hc/hl/hw/hh : Hide responses with the specified code/lines/words/chars (use BBB to take the values from the baseline)
Advanced wfuzz Usage
In addition to setting the target URL and payload, you can also specify headers and cookies in wfuzz requests. This can be useful for testing web applications that require authentication or have specific header requirements.
To specify headers, you can use the "-H" option followed by the header value. For example:
wfuzz -c -w common.txt -H "Authorization: Bearer token" https://example.com/FUZZ
This command tells wfuzz to include the "Authorization" header with the value "Bearer token" in each request.
To specify cookies, you can use the "-b" option followed by the cookie value. For example:
wfuzz -c -w common.txt -b "name=value" https://example.com/FUZZ
This command tells wfuzz to include the "name" cookie with the value "value" in each request.
You can specify multiple headers by repeating the "-H" option, and multiple cookies by separating them with a semicolon (;). For example:
wfuzz -c -w common.txt -H "Authorization: Bearer token" -H "Content-Type: application/json" -b "name=value; session=1234" https://example.com/FUZZ
This command tells wfuzz to include the "Authorization" and "Content-Type" headers, as well as the "name" and "session" cookies in each request.
Fuzzing authentication systems
Fuzzing authentication systems is an important aspect of web application testing, as authentication vulnerabilities can lead to unauthorized access to sensitive data or functionality.
To fuzz authentication systems using wfuzz, you can use the "-d" option to specify the login credentials and the "-b" option to specify any necessary cookies. For example:
wfuzz -c -w common.txt -d "username=admin&password=FUZZ" -b "session=12345" https://example.com/login.php
This command tells wfuzz to use the specified login credentials and cookie value to fuzz the authentication system at the login.php endpoint. The "FUZZ" keyword will be replaced by each payload in turn.
You can also combine authentication fuzzing with other fuzzing techniques, such as brute force or injection, to test for a wider range of vulnerabilities. For example:
wfuzz -c -z brute-force -d "username=admin&password=FUZZ" -b "session=12345" https://example.com/login.php
This command tells wfuzz to use the brute force technique in combination with the specified login credentials and cookie value to test for weak passwords in the authentication system at the login.php endpoint.
By fuzzing authentication systems using wfuzz, you can identify vulnerabilities that could lead to unauthorized access to sensitive data or functionality, and take steps to remediate these vulnerabilities before they can be exploited by attackers.
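A defender's view of the login fuzzing described above, as an added example (not from the original page or the wfuzz project): a log check that flags clients sending bursts of POSTs to the login endpoint. The combined log format, the thresholds and the sample lines are constructed assumptions; the "Wfuzz/" User-Agent prefix is the tool's default and can be overridden with -H, so the rate check is the one to rely on.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" log format (assumed; adjust to your server's format).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def sample_log():
    """Constructed log lines (documentation IPs, not real traffic), grouped by client."""
    fmt = '{ip} - - [05/May/2024:14:03:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "{ua}"'
    post = "POST /login.php"
    lines = [fmt.format(ip="203.0.113.7", s=s, req=post, st=200, ua="Wfuzz/3.1.0")
             for s in range(6)]                      # tool with its default User-Agent
    lines += [fmt.format(ip="198.51.100.99", s=10 + s, req=post, st=200, ua="Mozilla/5.0")
              for s in range(5)]                     # same burst, browser-like User-Agent
    lines += [fmt.format(ip="198.51.100.20", s=s, req=post, st=302, ua="Mozilla/5.0")
              for s in (1, 40)]                      # an ordinary user, two spaced logins
    lines.append(fmt.format(ip="198.51.100.20", s=41, req="GET /index.php", st=200,
                            ua="Mozilla/5.0"))
    return lines

def detect_login_fuzzing(lines, path="/login.php", threshold=5,
                         window=timedelta(seconds=10)):
    """Return {client_ip: [reasons]} for clients whose login POSTs look automated."""
    recent = defaultdict(deque)      # per-client timestamps inside the sliding window
    findings = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != path:
            continue                 # unparsable line or not a login attempt
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:    # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            findings[m["ip"]].add("rate")
        if m["ua"].lower().startswith("wfuzz/"):
            findings[m["ip"]].add("user-agent")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}

if __name__ == "__main__":
    for ip, reasons in detect_login_fuzzing(sample_log()).items():
        print(ip, "flagged by", ", ".join(reasons))
```

The second client in the sample is caught by rate alone, which is why the User-Agent match is only a supporting signal.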
wfuzz with Burp Suite
wfuzz can be integrated with Burp Suite to automate the fuzzing process and identify vulnerabilities in web applications. By using wfuzz with Burp Suite, you can leverage the power of both tools and streamline your testing process.
To run wfuzz from Burp Suite, follow these steps:
1. Install the wfuzz extension for Burp Suite.
2. Launch Burp Suite and navigate to the "Extender" tab.
3. Click on the "Extensions" tab and select "Add".
4. Locate the wfuzz extension file and click "Next" to install it.
5. Navigate to the "Proxy" tab and send a request to the endpoint you want to fuzz.
6. Right-click on the request in the "Proxy" history and select "Send to wfuzz".
7. In the wfuzz interface, specify the payload you want to use and any other options you want to configure.
8. Click "Start Fuzzer" to begin the fuzzing process.
Interpreting results in Burp Suite can be done in several ways. One way is to view the results in the "Proxy" history and look for unusual responses or error messages. Another way is to use the Burp Suite "Scanner" to automatically scan the target for vulnerabilities and generate a report.
By using wfuzz with Burp Suite, you can automate the fuzzing process and identify vulnerabilities in web applications more quickly and accurately. This approach allows you to save time and effort while ensuring the security of your web applications.
Some of the benefits of using wfuzz include:
Automating the fuzzing process and saving time and effort
Customizing payloads to identify specific vulnerabilities
Identifying potential security issues before they can be exploited
Integrating with other tools like Burp Suite to streamline the testing process