Web Fuzzing



 Hello There,

I already made this post but i accidentally deleted the hole post editing a typo. Not sure now i managed to do that but oh well.

What is Web Fuzzing:
Web Fuzzing is using a semi auto tool that inputs random data and techniques into a web sites testing for errors, SQLI, XSS, DOS, Crashes, Memory leaks and even web pages you should not have access to.

Why Fuzz:
Web fuzzing is important and should be used/tested agents any of your web targets because it finds the most serious flaws and it gives more better results. To be able to perform a fuzzing it's not very hard you just have to find all the inputs and testes them.

I recommend wfuzz it's a very powerful tool - https://github.com/xmendez/wfuzz
For lists i would also use SecList - https://github.com/danielmiessler/SecLists

So you are testing a website so the first step is to identify inputs.
Using go buster and multiple lists from SecList to identity Directories and Inputs.
For this example i will use torigon.ru(This is just made up)

Code: Select all

gobuster -u http://torigon.ru/ -w /path/to/Seclist/Discovery/Web-Content/big.txt
 -t 50
For the best result don't just use one word-list i would recommend the raft-large-files, raft-large-directories and raft-large-extensions

So from out testing say we found account.php upon visiting this say we got the error:
Parameter not set
So we need to now find the GET parameter so lets use wfuzz

Code: Select all

wfuzz --hh=24 -c  -w /path/to/Seclist/Discovery/Web-Content/big.txt https://torigon.ru/account.php?FUZZ=test
The Code:

Code: Select all

-hh: Filters the lenghts of charcters
-c: color output
-w: word-list
FUZZ: Keyword will be replaced from word-list
So from testing the example url we found "account.php?reset=" using wfuzz.
Looking at the websites with this we get: Account ID not found
So lets test account.php?reset=FUZZ

Code: Select all

wfuzz --hh=27 -c  -w /path/to/Seclist/Discovery/Web-Content/big.txt https://torigon.ru/account.php?reset=FUZZ
From our output we found that account.php?reset=1 would reset the password of the account with the ID of 1

Of course this is just a example of how fuzzing works and the tools so unfortunately this is not a common vulnerability you can test on any website.

I you have any questions you can feel free to ask them or if you think i have missed anything feel free to add.

Thank you for your trust and support ❤️

Follow us on Instagram | Facebook | Twitter