# Web Fuzzing

## ffuf

From here <https://github.com/ffuf/ffuf>

Using only `proxychains` before `ffuf` doesn't work, but thanks to [this concern](https://github.com/ffuf/ffuf/issues/50) we found a path to actually use `ffuf` with `proxychains`.

### Install proxy.py library

From here [https://pypi.org/project/proxy.py](https://pypi.org/project/proxy.py/)

```bash
python3 -m venv virtual-environment-to-proxy
source virtual-environment-to-proxy/bin/activate
pip3 install --upgrade proxy.py
```

Serve a proxy server with proxychains:

```bash
proxychains proxy
```

```bash
[...]
2525-25-25 25:25:25,901 - pid:2281626 [I] plugins.load:85 - Loaded plugin proxy.http.proxy.HttpProxyPlugin
2525-25-25 25:25:25,901 - pid:2281626 [I] tcp.listen:80 - Listening on 127.0.0.1:8899
2525-25-25 25:25:25,907 - pid:2281626 [I] pool.setup:105 - Started 2 acceptors in threadless (local) mode
[...]
# or maybe there is no output, but is running (:
```

Run **ffuf** targeting to proxy:

```bash
ffuf -c -w wordlist.txt -x http://127.0.0.1:8899 -u http://10.10.10.10/FUZZ
```

## wfuzz

From here <https://github.com/xmendez/wfuzz>

```bash
proxychains -q wfuzz -c -w wordlist.txt -u http://10.10.10.10/FUZZ
```