FFUF

ffuf is a fast web fuzzer written in Go. It is a tool used to fuzz web applications, finding hidden directories and files.

Note: some of the options may not work with older versions of ffuf.

ffuf -w wordlist.txt -u [url] -o output.txt -replay-proxy http://127.0.0.1:8080


ffuf -w wordlist.txt -u [url] -o output.txt -replay-proxy http://127.0.0.1:8080 -b "cookie"

Fuzzing headers


ffuf -w wordlist.txt -u https://example.com/api/users/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -H "user-agent:FUZZ"

Adding a delay

-p -> Delay in seconds between requests. -t -> Number of concurrent threads; lower it to reduce load on the target.


ffuf -w wordlist.txt -u https://example.com/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -p 1 -t 3

-rate -> Limit the number of requests per second.


ffuf -w wordlist.txt -u https://example.com/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -rate 100

Fuzzing 2 values


ffuf -w wordlist.txt:FUZZ -w lowercase.txt:LOW -u https://example.com/api/FUZZ/LOW  -o output.txt -replay-proxy http://127.0.0.1:8080

Filters & Matches

  • Match Options:

    • -mc Match HTTP status codes, or “all” for everything. (default: 200, 204, 301, 302, 307, 401, 403).
    • -ml Match the number of lines in the response.
    • -mr Match a regexp.
    • -ms Match HTTP response size.
    • -mw Match the number of words in the response.
  • Filter Options:

    • -fc Filter HTTP status codes from the response. Comma-separated list of codes and ranges.
    • -fl Filter by the number of lines in the response.
    • -fr Filter by regexp.
    • -fs Filter by HTTP response size.
    • -fw Filter by the number of words in the response.

ffuf -w wordlist.txt:FUZZ -w lowercase.txt:LOW -u https://example.com/api/FUZZ/LOW -o output.txt -replay-proxy http://127.0.0.1:8080 -fw 1


ffuf -w wordlist.txt:FUZZ -w lowercase.txt:LOW -u https://example.com/api/FUZZ/LOW -o output.txt -replay-proxy http://127.0.0.1:8080 -mc 302


ffuf -w wordlist.txt:FUZZ -w lowercase.txt:LOW -u https://example.com/api/FUZZ/LOW -o output.txt -replay-proxy http://127.0.0.1:8080 -fr "not found"
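
How the match and filter options above combine, as an added example that is not part of the original page and is not ffuf's own code: a simplified Python model in which a response is reported only when the status matcher accepts it and no filter hits. The function names and the sample responses are constructed for illustration, and the default status list is the one given on this page.

```python
import re

# Default -mc list as given on this page; newer ffuf releases may differ.
DEFAULT_MC = "200,204,301,302,307,401,403"

def in_spec(spec, n):
    """True if n is covered by a spec such as '200,300-302' or 'all'."""
    if spec == "all":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= n <= int(hi or lo):
            return True
    return False

def kept(resp, mc=DEFAULT_MC, fc=None, fs=None, fw=None, fl=None, fr=None):
    """Simplified model: the status matcher must accept, and no filter may hit."""
    if not in_spec(mc, resp["status"]):
        return False
    numeric = [(fc, "status"), (fs, "length"), (fw, "words"), (fl, "lines")]
    if any(spec and in_spec(spec, resp[field]) for spec, field in numeric):
        return False
    return not (fr and re.search(fr, resp["body"]))

# Constructed responses for illustration (not real scan output).
RESPONSES = [
    {"input": "users", "status": 200, "length": 13, "words": 2, "lines": 1, "body": '{"users": []}'},
    {"input": "admin", "status": 302, "length": 21, "words": 3, "lines": 1, "body": "Redirecting to /login"},
    {"input": "zzz", "status": 200, "length": 9, "words": 2, "lines": 1, "body": "not found"},  # soft 404
    {"input": "old", "status": 404, "length": 9, "words": 2, "lines": 1, "body": "not found"},
    {"input": "ping", "status": 200, "length": 2, "words": 1, "lines": 1, "body": "OK"},
]

def survivors(**opts):
    """Inputs that would still be reported under the given options."""
    return [r["input"] for r in RESPONSES if kept(r, **opts)]

if __name__ == "__main__":
    print(survivors())                  # defaults
    print(survivors(fw="1"))            # -fw 1
    print(survivors(mc="302"))          # -mc 302
    print(survivors(fr="not found"))    # -fr "not found"
```

The "zzz" entry is a soft 404: it returns status 200, so status matching alone keeps it, and only a body, size or word filter removes it.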

Dealing With Form Data GET/POST


ffuf -w wordlist.txt -X POST -d "email=test@gmail.com&issue=user&information=FUZZ" -u https://example.com/login -o output.txt -replay-proxy http://127.0.0.1:8080

Fuzzing Parameters (POST)


ffuf -w wordlist.txt -X POST -d "email=test@gmail.com&issue=user&FUZZ=test" -u https://example.com/login -o output.txt -replay-proxy http://127.0.0.1:8080

Fuzzing JSON Post Data


ffuf -w wordlist.txt -X "PUT" -u https://example.com/login -H "Content-Type: application/json" -d '{"FUZZ": "text"}' -o output.txt -replay-proxy http://127.0.0.1:8080

