FFUF : Tooling Series
Hey guys, it's me, Uday. Today I've found a very interesting tool and I would like to share the information I've collected, so let's start.
So first of all, are you familiar with the term fuzzing? If yes, jump to the next paragraph; if not, continue reading. Fuzzing, in the words of OWASP:
Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion.
Okay, let me explain this …
You send random data to an input so that the other end acts weirdly; if it acts differently, there might be something wrong, or a vulnerability behind it. Example:
He asked: What is your age?
I said: π²
Got it?
Finding hidden files and directories on a server also falls under fuzzing.
So, ffuf is a tool that automates the manual process of sending fuzzed data to a remote server.
Installing
Installation steps may change over time, so I suggest you visit the ffuf GitHub page. The ffuf developers explain it far better than I can, so read the docs carefully. If you find this tool helpful and it makes your cybersecurity work easier, consider supporting its creators. And if you still don't get the idea behind it, I explain the tool here in this post.
Basic Fuzzing with FFUF
I'll assume that you've installed ffuf correctly. Now type:
ffuf --help
You'll see a whole bunch of flags that can be used with this tool. Keep in mind that if you get stuck somewhere, you can always jump to the manual pages, where you'll find nearly everything; just type man <command>
Where to Fuzz?
By default, ffuf looks for the word "FUZZ" in the location you define. I will explain this in detail in the very next paragraph.
Fuzzing Directories
Let's assume that there is a web server running on 192.168.43.199, port 80. The simplest way to fuzz it is:
ffuf -u http://192.168.43.199:80/FUZZ -w wordlist.txt
ffuf now replaces the word FUZZ in the URL with the first line of wordlist.txt and sends the request, then does the same for every remaining line. It captures each response and analyzes it using its status code.
Fuzzing Parameters
ffuf -u "http://192.168.43.199:80/?parameter=FUZZ" -w wordlist.txt
If you want to fuzz multiple parameters and values, you need to define a keyword for each wordlist and use those same keywords in the URL, like:
ffuf -u "https://192.168.43.245:80?username=USERNAME&password=PASSWORD" -w USERNAMES.txt:USERNAME -w PASSWORD.txt:PASSWORD
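The keyword substitution described above, modeled as an added Python example (not ffuf's own code and not from the original post): each keyword is replaced by words from its list, and with several lists ffuf's default mode requests every combination, so the request count is the product of the list sizes. The `expand` function and the sample words are constructed for illustration, and nothing is sent over the network.

```python
import re
from itertools import product


def expand(template, wordlists):
    """Return the concrete requests one template produces.

    template  -- request parts (url, header, data ...) that contain keywords
    wordlists -- keyword -> list of words, as given with -w FILE:KEYWORD
    Every combination of words is generated, which is how ffuf's default
    multi-wordlist mode (clusterbomb) behaves.
    """
    keywords = list(wordlists)
    # Longest keyword first, so USERNAMES would win over USERNAME.
    pattern = re.compile("|".join(
        re.escape(k) for k in sorted(keywords, key=len, reverse=True)))
    requests = []
    for row in product(*(wordlists[k] for k in keywords)):
        chosen = dict(zip(keywords, row))
        # One pass per part: a substituted word is never rescanned, so a
        # word that happens to contain a keyword cannot be expanded again.
        requests.append({part: pattern.sub(lambda m: chosen[m.group(0)], text)
                         for part, text in template.items()})
    return requests


# Constructed sample data; the host is the lab address used in this post.
TEMPLATE = {
    "url": "http://192.168.43.199:80/?username=USERNAME&password=PASSWORD",
    "header": "Host: 192.168.43.199",
}
WORDLISTS = {
    "USERNAME": ["admin", "guest"],
    "PASSWORD": ["123456", "letmein", "qwerty"],
}

if __name__ == "__main__":
    reqs = expand(TEMPLATE, WORDLISTS)
    print(len(reqs), "requests")  # 2 usernames x 3 passwords
    for r in reqs:
        print(r["url"])
```

Two short lists already produce six requests; real wordlists multiply the same way, which is worth estimating before a run.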
Fuzzing with Cookies
There are some things you can access only when you are authenticated, like your own emails. If you want to fuzz such an endpoint, you have to show the server that the person hitting it is none other than you, so you can add cookies to your command with the -b flag, like:
ffuf -u http://192.168.32.232:443/Admin/FUZZ -w wordlist.txt -b "cookies=abx"
Fuzzing using a Custom Header
If for any reason you want a custom header in your request, you can do something like:
ffuf -u https://192.168.34.55:443/FUZZ -H "Host:FUZZ.website.com" -w wordlist.txt
I will explain this case practically in the next post….
Changing HTTP method
You can change the default HTTP method in ffuf using the -X flag, and you can send additional data using the -d flag along with -X, like:
ffuf -u https://192.22.34.12:80/admin/ -X POST -d "username=admin&password=FUZZ" -w wordlist.txt
That’s it
Yes, that is it to get started. I will explain more in other posts. Thanks for reading this article.
Some better resources: ffuf stories on Medium worth reading
https://mikekitckchan.medium.com/holy-ffuf-a-beginner-guide-to-fuzz-with-ffuf-4bc6a66b5391
https://medium.com/quiknapp/fuzz-faster-with-ffuf-c18c031fc480