
CYBER SECURITY VULNERABILITIES AND SAFEGUARDS LAB

LAB 4: Fuzzing

FUZZING
Fuzzing is an automated software testing method that injects invalid, malformed, or unexpected
inputs into a system to reveal software defects and vulnerabilities. A fuzzing tool injects these
inputs into the system and then monitors for exceptions such as crashes or information leakage.

Fuzz testing offers a wide range of benefits to a security and quality program.

- Fuzzing provides a good overall picture of the quality of the target system and software.
- Fuzzing is the primary technique used by malicious hackers to find software
vulnerabilities. Using it in your security program helps you prevent zero-day exploits
from unknown bugs and weaknesses in your system.
- Fuzzing has a low overhead for both cost and time. Once a fuzzer is up and running, it
can start to look for bugs on its own, with no manual/human intervention, and can
continue to do so for as long as needed.
- Fuzzing helps uncover bugs that would not have been detected through conventional
testing methods or manual audits.

Types of Fuzz Testing

1. Application Fuzzing: This fuzzing method tests UI features such as buttons, input fields
in forms, or options in command-line programs. It can similarly be used to test API
commands.
2. Protocol Fuzzing: Protocols such as Hypertext Transfer Protocol (HTTP) are used to
exchange data over the web. Protocol fuzzing is used to test the behavior of a server
when bad content is sent over a given protocol.
3. File Format Fuzzing: File format fuzzing creates a corrupted file and presents it to the
target software for processing. This is relevant both for installed software and for web
applications that accept files as input. Files are usually in standard formats,
such as .jpg, .docx or .xml.

Some open source tools are:

- sfuzz
- wfuzz
- ffuf
- VAF

In this lab we are going to go through the wfuzz and ffuf tools.


WFUZZ
Wfuzz is a tool designed for bruteforcing web applications. It can be used to find resources
that are not linked (directories, servlets, scripts, etc.), to bruteforce GET and POST parameters
in order to check for different kinds of injection (SQL, XSS, LDAP, etc.), to bruteforce form
parameters (user/password), for fuzzing, and more.

Installation:

The command to install wfuzz:

[kali@kali ~]$ sudo apt install wfuzz

Using wfuzz to find unlinked resources/webpage in a website

Unlinked resources or webpages are those that cannot be reached by following links from the viewable webpages.

To print the available options and syntax use the command:

[kali@kali ~]$ wfuzz -h

To find unlinked webpages use the command:

[kali@kali ~]$ wfuzz -c -w <Wordlist> --hc <HTTP Status Code> -u <URL>/FUZZ

Current webpage links that can be seen:

After the scan we can see the unlinked webpages:


FFUF
ffuf is a fast web fuzzer written in Go that allows typical directory discovery, virtual
host discovery (without DNS records) and GET and POST parameter fuzzing.

Installation

The command to install ffuf is:

[kali@kali ~]$ sudo apt install ffuf

Using ffuf to find unlinked resources/webpages in a website

To print the available options and syntax use the command:

[kali@kali ~]$ ffuf -h

To find unlinked webpages use the command:

[kali@kali ~]$ ffuf -c -r -u <URL>/FUZZ -w <Wordlist> -fc <HTTP code to filter>

Current webpage links that can be seen:


After the scan we can see the unlinked webpages:
