Web Application Penetration Testing With WFuzz (Wfuzz İle Web Uygulama Güvenliği Testleri)
What İs WFuzz?
WFuzz is a powerful tool for general web security testing where we can perform security tests on web applications, perform XSS and SQL injection tests on our web pages with their own wordlists, and perform page and page directory browsing (BruteForce). In addition to these, Encode (Encryption) is also capable of doing.
How To İnstall Wfuzz?
We download the wfuzz-2.1.3.tar.gz file located in the Downloads section at https://github.com/xmendez/wfuzz/releases/tag/v2.1.3 and open the console. We go to the Downloads folder and open our file and go there:
1) $ cd Downloads
2) $ tar -xvf wfuzz-2.1.3.tar.gz
3) $ cd wfuzz-2.1.3
Wfuzz Parameters
-c = Http allows status codes to output in color.-z = We will not use wordlist when we are doing Fuzz operation.
-hc xxx = xxx The status code can not be shown on the status code screen.
The number of answers like 404 (Page Not Found) is quite high because some sites have a long scan. So it might make sense to use it.
-d: post request
FUZZ: I want to make a fuzz section
The most commonly used HTTP Status Codes are as follows;
• 100 = Continue
• 200 = OK (Successful)
• 201 = Created.
• 202 = Accepted.
• 204 = No Content
• 301 = Permanently Redirected or Moved
• 302 = Temporarily Redirected or Moved
• 400 = Bad Request
• 401 = Authorization Required.
• 403 = Prohibited
• 404 = Not Found
• 500 = Critical Server Error
• Wfuzz can help you secure your web applications by finding and exploiting web application security vulnerabilities. Wfuzz's web application is supported by security vulnerable browser plugins.
• Wfuzz is a completely modular framework and makes it even easier for the newest Python developers to contribute. The building inserts are simple and take a little more than a few minutes.
• Offers a simple language interface to previous HTTP requests / responses using other tools such as Wfuzz, Wfuzz or Burp. This allows you to do manual and semi-automated tests with the full content and understanding of your actions and context without relying on a web application browser based on the application.
OK. It's so good here. Let's go to practice :)
• Now, when I do content management, we scan the admin panes
wfuzz -c -z file, / usr / share / wfuzz / worldlist / general / admin-panels.txt - hc 404 http://harranbilisim.com/FUZZ
The first time I use this command directory, the -c parameter,
We wanted it to be colored so the codes could be recognized.
We will use it with -z file
We made the WordList selection.
The 404 status code for 137 keywords scanned with -hc 404
We got a big part back.
Then we used http://www.agamakala.com/FUZZ.
If you want to make an experiment by putting each keyword in the Wordlist
we are writing the key word "FUZZ" in capital letters.
200 returning answers admin user login page
Ok we found the panel with the necessary parameters
Okay Now Scan Sql Vulnerability
wfuzz -c -z file,/usr/share/wfuzz/worldlist/Injections/SQL.txt – hc 404 www.blablablabla.com/index.php?id=51/FUZZ
Many successful responses have returned
We Can XSS Scanning
wfuzz
-c -z file,XSS.txt --hc 404
http://blablablabla.bla/inc/takvim/index.php?month=3&year=2017/FUZZ
Many successful answers have returned now let's check manually
Finding Sensitive Files
WFUZZ with the apache.txt file located under usr / share / wfuzz / wordlist / vulns directory
.htaccess
.htpasswd
.meta
.webm
access_log
cgi
cgi-bin
cgi-pub
cgi-script
Let's test it looking for sensitive files like
wfuzz -c -z file, apache.txt -hc 404 http://blablabla.bla/FUZZ
We can download the logs and htaccess file and view the contents.
We are still trying to read server-side etc / passwd with dirTraversal-nix.txt file located under the
same directory
Did not get any successful results
looking for a windows server-side sensitive file with dirTraversal-win.txt in the same directory
I can with stress testing / usr / share / wfuzz / wordlist / stress / test_ext
Thank you for reading. You can follow me on twitter https://twitter.com/berkdusunur
