FFUF Notes

This document provides examples of how to use the ffuf tool to fuzz websites and APIs. It demonstrates different parameters and flags for ffuf including adding delays, filtering responses, fuzzing multiple values or locations, recursing directories, importing requests, and fuzzing beyond authentication. The examples range from basic usage to more advanced techniques for bug hunting or penetration testing.

Uploaded by

David

# Default

ffuf -c -w /home/belisarius/WORDLISTS/federal_reserve/total_wordlist -u http://philfrb.org/FUZZ -replay-proxy http://127.0.0.1:8080 -recursion

How to use ffuf – Hacker Toolbox

# Replay Proxy (local)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080

# Basic Usage

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080

# Basic Usage With a Cookie

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -b "laravel_session=eyJpdiI6Ii8wQU11dTVlUkg2alRHUXBIVzlGSnc9PSIsInZhbHVlIjoiOWs3YllJWTdqNC9xa1pMeFRvMFh0OE1vRFpaWm9GSzFkRktVZS9yUHBDM0lIazZ4K0NsbndxWVIxQ05VZWhqZUZaR0RGQWlFdmdDc24yWllYRklGSXI5STd2b05Pam4yRXIwV1BUWkZhUnFLNUFzOWsycmRHcnlxS0FqRWNsSnEiLCJtYWMiOiI3ZTliMmM2YzIxOTExNDE0NmVjYTYyMGI4Nzg4YzJiYjNmNjVkNDI1YzEyODYwMzY5YzczNzY3NTUwZDk0OGYzIn0%3D;"

# Adding a delay (-p is the pause in seconds between requests, -t the number of threads)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -p 1 -t 3

# Adding a delay (new method: -rate caps requests per second)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -rate 100

# Fuzzing 2 values

ffuf -w wordlist.txt:FUZZ -w actions-lowercase.txt:ME -u http://127.0.0.1:8000/api/FUZZ/ME -o output.txt -replay-proxy http://127.0.0.1:8080

# Simple Filter (-fw 1 drops responses with a word count of 1)

ffuf -w wordlist.txt:FUZZ -w actions-lowercase.txt:ME -u http://127.0.0.1:8000/api/FUZZ/ME -o output.txt -replay-proxy http://127.0.0.1:8080 -fw 1

# Simple Matcher (-mc 302 keeps only responses with status 302)

ffuf -w wordlist.txt:FUZZ -w actions-lowercase.txt:ME -u http://127.0.0.1:8000/api/FUZZ/ME -o output.txt -replay-proxy http://127.0.0.1:8080 -mc 302

# Custom Filters (-fr drops responses whose body matches the regex)

ffuf -w wordlist.txt:FUZZ -w numbers.txt:ME -u http://127.0.0.1:8000/api/FUZZ/ME -o output.txt -replay-proxy http://127.0.0.1:8080 -fr "not found"

# Fuzzing Post Data

ffuf -w wordlist.txt -X POST -d "email=df%40fd.com&issue=dsafd&information=FUZZ" -u http://127.0.0.1:8000/vulnerability -replay-proxy http://127.0.0.1:8080

# Fuzzing Parameters (POST)

ffuf -w wordlist.txt -X POST -d "email=df%40fd.com&issue=dsafd&FUZZ=test" -u http://127.0.0.1:8000/vulnerability -replay-proxy http://127.0.0.1:8080

# Fuzzing Parameters (GET) (quote the URL: an unquoted & sends the command to the background)

ffuf -w wordlist.txt -u "http://127.0.0.1:8000/contact/submit?FUZZ=d%40d.com&issue=df" -o output.txt -replay-proxy http://127.0.0.1:8080

# Fuzzing JSON Post Data (the body must be valid JSON, so the keys use double quotes and the whole -d value is single-quoted for the shell)

ffuf -w wordlist.txt -X "PUT" -u http://127.0.0.1:8000/api/users/6 -H "Content-Type: application/json" -d '{"FUZZ":"test"}' -o output.txt -replay-proxy http://127.0.0.1:8080

How to Master FFUF for Bug Bounties and Pen Testing

# Recursive Fuzzing (word "panel" must be included at the end of wordlist; ffuf requires the URL to end with the FUZZ keyword when -recursion is used)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ -o output.txt -replay-proxy http://127.0.0.1:8080 -recursion

# Recursive Fuzzing + adding extensions (-e takes a comma-separated list, e.g. .bak, .zip, _com, .ico)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ -o output.txt -replay-proxy http://127.0.0.1:8080 -recursion -e .bak,.zip

# Fuzzing multiple locations

ffuf -u http://W2/W1 -w /home/belisarius/WORDLISTS/federal_reserve/total_wordlist:W1 -w /home/belisarius/Bug_Hunting/federalreserve_com/active_subs2/new_domains:W2 -replay-proxy http://127.0.0.1:8080 -p 1 -t 3

# Fuzzing multiple locations, with delay and recursion

ffuf -u http://W2/FUZZ -w /home/belisarius/WORDLISTS/federal_reserve/total_wordlist:FUZZ -w /home/belisarius/Bug_Hunting/federalreserve_com/active_subs2/new_domains:W2 -replay-proxy http://127.0.0.1:8080 -recursion -p 1 -t 3

# Fuzzing with automatic calibration of filters (-ac)

ffuf -c -w /home/belisarius/WORDLISTS/federal_reserve/total_wordlist -u http://philfrb.org/FUZZ -replay-proxy http://127.0.0.1:8080 -ac

# Fuzzing with piping to another program or file

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 | tee ./outfile.txt
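As an added example (not part of the original notes), the script below reads ffuf's machine-readable output (-o output.json -of json) and separates responses that look like the target's "not found" baseline from the ones worth a human look; this is the manual version of what the -fc/-fs/-fw filters and -ac do. The results file is constructed here in the shape ffuf writes, with a made-up wordlist and host.

```shell
#!/bin/sh
# Added example, not from the original notes. Triages ffuf JSON output
# without jq. The results below are constructed in the shape ffuf writes
# with "-of json"; field names status/length/words/url are ffuf's own.
OUT="${TMPDIR:-/tmp}/ffuf-output.json"
cat > "$OUT" <<'EOF'
{"commandline":"ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.json -of json","results":[
{"input":{"FUZZ":"users"},"position":1,"status":200,"length":512,"words":40,"lines":12,"url":"http://127.0.0.1:8000/api/users/6"},
{"input":{"FUZZ":"orders"},"position":2,"status":200,"length":512,"words":40,"lines":12,"url":"http://127.0.0.1:8000/api/orders/6"},
{"input":{"FUZZ":"admin"},"position":3,"status":302,"length":0,"words":1,"lines":1,"url":"http://127.0.0.1:8000/api/admin/6"},
{"input":{"FUZZ":"zzz"},"position":4,"status":404,"length":19,"words":1,"lines":1,"url":"http://127.0.0.1:8000/api/zzz/6"}
]}
EOF

# One "status length words url" line per result: the same values the
# -fc / -fs / -fw filters act on.
result_rows() {
  tr '{' '\n' < "$1" | grep '"status":' |
    sed -E 's/.*"status":([0-9]+),"length":([0-9]+),"words":([0-9]+),.*"url":"([^"]+)".*/\1 \2 \3 \4/'
}

# The most frequent (status, length) pair is usually the catch-all response.
# ffuf's -ac derives a similar baseline by sending requests with random inputs.
baseline() {
  result_rows "$1" | awk '{print $1, $2}' | sort | uniq -c | sort -rn | head -1 |
    awk '{print $2, $3}'
}

# Everything that does not match the baseline is what a reviewer should read.
interesting() {
  b=$(baseline "$1")
  bs=${b% *}
  bl=${b#* }
  result_rows "$1" | awk -v s="$bs" -v l="$bl" '!($1 == s && $2 == l)'
}

echo "baseline (status length): $(baseline "$OUT")"
interesting "$OUT"
```

On real output the baseline pair is the value to hand to -fc/-fs so the next run is already filtered.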

# Fuzzing beyond authentication (in this case, cookie-based). Custom cookies

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -b "NAME1=VALUE1; NAME2=VALUE2"

# Fuzzing beyond authentication (in this case, header-based). Custom headers (each header is "Name: Value", one -H per header)

ffuf -w wordlist.txt -u http://127.0.0.1:8000/api/FUZZ/6 -o output.txt -replay-proxy http://127.0.0.1:8080 -H "NAME1: VALUE1" -H "NAME2: VALUE2"

# Fuzzing importing requests (for very specific directory fuzzing)

ffuf -request tmp/request -w /wordlist

# Fuzzing wordlist modes (-mode clusterbomb is the default and tries every combination; pitchfork walks the wordlists in step)

ffuf -request tmp/request -w /wordlist1:W1 -w /wordlist2:W2 -mode pitchfork
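As an added example (not part of the original notes), the script below builds the raw request file that -request consumes, checks it before use, and wraps the pitchfork run from the two sections above; the host, cookie value and wordlist names are constructed placeholders, and -request-proto is needed because ffuf assumes https for a raw request.

```shell
#!/bin/sh
# Added example, not from the original notes. Builds the raw request file that
# "ffuf -request" reads and checks it before fuzzing. Host, cookie value and
# wordlist names are constructed placeholders.
REQ_DIR="${TMPDIR:-/tmp}/ffuf-req"
mkdir -p "$REQ_DIR"
REQ_FILE="$REQ_DIR/request"

# A request as copied out of the proxy, with a keyword at each fuzz position.
# The empty line after the headers is required: ffuf splits headers from body there.
write_request() {
  cat > "$1" <<'EOF'
POST /api/FUZZ/ME HTTP/1.1
Host: 127.0.0.1:8000
Cookie: laravel_session=PLACEHOLDER_SESSION_VALUE
Content-Type: application/x-www-form-urlencoded

email=test%40example.com&issue=test
EOF
}

# Distinct keywords in the file; each needs its own -w wordlist:KEYWORD,
# otherwise ffuf refuses to start.
count_keywords() {
  grep -oE 'FUZZ|ME' "$1" | sort -u | wc -l | tr -d ' '
}

# True when the header/body separator (an empty line) is present.
has_body_separator() {
  grep -q '^$' "$1"
}

# pitchfork pairs line N of the first list with line N of the second; the
# default clusterbomb mode tries every combination (list sizes multiplied).
run_pitchfork() {
  command -v ffuf >/dev/null 2>&1 || { echo "ffuf not installed; request file is at $1"; return 0; }
  ffuf -request "$1" -request-proto http \
       -w wordlist.txt:FUZZ -w actions-lowercase.txt:ME \
       -mode pitchfork -fw 1 -replay-proxy http://127.0.0.1:8080
}

write_request "$REQ_FILE"
echo "keywords in $REQ_FILE: $(count_keywords "$REQ_FILE")"
```

Call run_pitchfork "$REQ_FILE" once the two wordlists exist; it only launches ffuf when the binary is on PATH.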

# Fuzzing to stop on spurious errors (-se)

ffuf -c -w /home/belisarius/WORDLISTS/federal_reserve/total_wordlist -u http://philfrb.org/FUZZ -replay-proxy http://127.0.0.1:8080 -se

ffuf -h (it is worth reading the built-in documentation to learn all the flags; they help with mastery and calibration.)

To activate ffuf in a terminal window (ffuf is a Go binary installed under $GOPATH/bin, so the Go paths must be on PATH; the echo lines make this permanent):

export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
echo 'export GOROOT=/usr/local/go' >> ~/.bash_profile
echo 'export GOPATH=$HOME/go' >> ~/.bash_profile
echo 'export PATH=$GOPATH/bin:$GOROOT/bin:$PATH' >> ~/.bash_profile
source ~/.bash_profile
