Web Fuzzing

ffuf

From here https://github.com/ffuf/ffuf

Simply prefixing ffuf with proxychains doesn't work, but thanks to this concern we found a way to actually use ffuf through proxychains.

Install proxy.py library

From here https://pypi.org/project/proxy.py

python3 -m venv virtual-environment-to-proxy
source virtual-environment-to-proxy/bin/activate
pip3 install --upgrade proxy.py

Serve a proxy server with proxychains:

proxychains proxy
[...]
2525-25-25 25:25:25,901 - pid:2281626 [I] plugins.load:85 - Loaded plugin proxy.http.proxy.HttpProxyPlugin
2525-25-25 25:25:25,901 - pid:2281626 [I] tcp.listen:80 - Listening on 127.0.0.1:8899
2525-25-25 25:25:25,907 - pid:2281626 [I] pool.setup:105 - Started 2 acceptors in threadless (local) mode
[...]
# there may be no output at all, but the proxy is still running (:

Run ffuf pointed at the proxy:

ffuf -c -w wordlist.txt -x http://127.0.0.1:8899 -u http://10.10.10.10/FUZZ
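
Because the proxy may start without printing anything, it helps to confirm the listener is really up before sending ffuf through it. The script below is an added example, not part of the original notes: it strings the three steps together and checks the port first. The function names and the `run` argument are hypothetical; the address, wordlist and target are the ones used above, and bash is assumed to be installed for the `/dev/tcp` probe.

```sh
#!/bin/sh
# Added example (not from the original notes): start proxy.py under proxychains,
# confirm it accepts connections, then point ffuf at it.

# Print the "host:port" from a proxy.py "Listening on" log line (nothing if absent).
listen_addr_from_log() {
    sed -n 's/.* - Listening on \([0-9.]*:[0-9]*\).*/\1/p' | head -n 1
}

# wait_for_listener HOST PORT [TRIES]: 0 once the port accepts TCP, 1 after TRIES attempts.
wait_for_listener() {
    wl_i=0
    while [ "$wl_i" -lt "${3:-10}" ]; do
        # bash's /dev/tcp pseudo-device opens a TCP connection; failure exits non-zero
        if bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null; then
            return 0
        fi
        wl_i=$((wl_i + 1))
        sleep 1
    done
    return 1
}

main() {
    log=$(mktemp)
    proxychains proxy >"$log" 2>&1 &
    proxy_pid=$!
    trap "kill $proxy_pid 2>/dev/null; rm -f '$log'" EXIT
    sleep 2
    addr=$(listen_addr_from_log <"$log")
    addr=${addr:-127.0.0.1:8899}   # no log output: fall back to the address shown above
    if ! wait_for_listener "${addr%:*}" "${addr##*:}" 10; then
        echo "proxy.py is not listening on $addr" >&2
        return 1
    fi
    ffuf -c -w wordlist.txt -x "http://$addr" -u http://10.10.10.10/FUZZ
}

# Run the whole procedure only when invoked with the (hypothetical) argument "run".
if [ "${1:-}" = "run" ]; then main; fi
```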

wfuzz

From here https://github.com/xmendez/wfuzz

proxychains -q wfuzz -c -w wordlist.txt -u http://10.10.10.10/FUZZ
