Codebase list spike / master src / WEBFUZZING.txt
master

Tree @master (Download .tar.gz)

WEBFUZZING.txt @masterraw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Here's a very simple text on how to use webfuzz. First, capture a http
request. 

To do this first set up webmitm in a temporary directory and run it
like so:

./webmitm -i <IP of web site> -p 80

It will automatically listen on 443. 

Modify your /etc/hosts (or winnt/system32/hosts) to redirect the
target web site to your proxy host. (In most cases this is just
127.0.0.1)

Browse the website as normal. Lots of files will be generated in your
temporary directory. SPIKE handles "Kept-alive:" requests properly -
each will be in its own file.

Use makewebfuzz.pl to create webfuzz.c. 
./makewebfuzz http-request-1 > webfuzz.c

Compile webfuzz.c into a working program with "make." If you're
automating this sort of thing, you can write a little script to do
this.

Now run ./webfuzz against the web server (specified by IP.) You can
edit your cookie on the fly by changing your COOKIE environment
variable. This might come in handy if your authenticated session
runs out of time.

webfuzz will generate a long list of the output - this is not really
finished, but seems to suffice. If you see anything weird, you
probably have a bug to explore. You can then play with the webfuzz.c
file and see what caused the bug by pulling parts of the request out
into separate s_string() calls.

Hope this helps!
-dave