Web Application Penetration Testing With WFuzz (Web Application Security Testing with Wfuzz)

Tuesday, 28 November 2017


What Is WFuzz?

WFuzz is a powerful tool for general web security testing: it can run security tests against web applications, test our pages for XSS and SQL injection using its bundled wordlists, and brute-force pages and directories. On top of that it ships encoders for transforming the payloads it sends.

How To Install Wfuzz?

We download the wfuzz-2.1.3.tar.gz file from the Downloads section of https://github.com/xmendez/wfuzz/releases/tag/v2.1.3 and open a terminal. We change into the Downloads folder, extract the archive and enter the extracted directory:

1) $ cd Downloads
2) $ tar -xvf wfuzz-2.1.3.tar.gz
3) $ cd wfuzz-2.1.3

Wfuzz Parameters

-c = Colour the output by HTTP status code.
-z = The payload source we will use while fuzzing (for example -z file,wordlist.txt takes payloads from a wordlist).
--hc xxx = Hide responses with status code xxx from the output.

Some scans run for a long time and return a very large number of 404 (Page Not Found) responses, so hiding them with --hc 404 makes sense.

-d: POST data to send (the request is sent as a POST)

FUZZ: the keyword marking the place in the request where each payload is inserted
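To make the -z file / FUZZ / --hc mechanics concrete, here is an added example that re-implements the loop wfuzz runs, written for this page rather than taken from the wfuzz project: every FUZZ in the URL template is replaced by a wordlist entry, the request is sent, and responses whose status code is in the hide list are dropped. It runs against a tiny constructed site on localhost (the paths, wordlist and server are assumptions made for the demo), so it needs no network access.

```python
"""Minimal re-implementation of the wfuzz loop described above:
replace FUZZ with each wordlist entry, send the request, and hide
responses whose status code is in the --hc list. Runs against a tiny
constructed site on localhost so it works offline."""
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample wordlist, standing in for admin-panels.txt.
WORDLIST = ["admin", "administrator", "login", "manager", "wp-admin", "cpanel"]

# Constructed fake site: only these two paths exist, everything else is 404.
SITE = {"/admin": b"<h1>Admin login</h1>", "/login": b"<form>user/pass</form>"}


class _Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = SITE.get(urllib.parse.urlsplit(self.path).path)
        self.send_response(200 if body is not None else 404)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(body if body is not None else b"not found")

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_site():
    """Start the fake site on a free localhost port; return (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


def fuzz(template, words, hide_codes=()):
    """Equivalent of `wfuzz -z file,<words> --hc <codes> <template>`.
    Every FUZZ in the template is replaced by the payload, as wfuzz does.
    Returns (payload, status, body_length) for each response not hidden."""
    results = []
    for word in words:
        url = template.replace("FUZZ", urllib.parse.quote(word))
        try:
            with urllib.request.urlopen(url, timeout=5) as resp:
                status, body = resp.status, resp.read()
        except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
            status, body = err.code, err.read()
        if status not in hide_codes:
            results.append((word, status, len(body)))
    return results


def run_demo():
    """Fuzz the constructed site with --hc 404 and return what is left."""
    srv, base = start_site()
    try:
        return fuzz(base + "/FUZZ", WORDLIST, hide_codes=(404,))
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for word, status, size in run_demo():
        print("%-15s %d  %d bytes" % (word, status, size))
```

Without hide_codes the list would contain all six entries, four of them 404s; with (404,) only the two existing paths remain, which is exactly the effect of --hc 404 in the scans later on this page.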

The most commonly used HTTP status codes are as follows:

     • 100 = Continue
     • 200 = OK (Successful)
     • 201 = Created
     • 202 = Accepted
     • 204 = No Content
     • 301 = Moved Permanently (permanent redirect)
     • 302 = Found (temporary redirect)
     • 400 = Bad Request
     • 401 = Unauthorized (authorization required)
     • 403 = Forbidden
     • 404 = Not Found
     • 500 = Internal Server Error

Wfuzz is more than a web content scanner:

 • Wfuzz can help you secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz's web application vulnerability scanner is supported by plugins.
 • Wfuzz is a completely modular framework and makes it easy for even the newest Python developers to contribute. Building plugins is simple and takes little more than a few minutes.
 • Wfuzz exposes a simple language interface to the previous HTTP requests/responses performed using Wfuzz or other tools, such as Burp. This allows you to perform manual and semi-automatic tests with full context and understanding of your actions, without relying on a web application scanner's underlying implementation.

OK, that is enough theory. Let's move on to practice :)

• First, let's scan for the admin panels of content management systems

       wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/admin-panels.txt --hc 404 http://harranbilisim.com/FUZZ

       In this command we first used the -c parameter so that the output is
       coloured and the status codes are easy to recognise.
       With -z file we made the wordlist selection.
       With --hc 404 we hid the 404 responses, which made up the large
       majority of the results for the 137 keywords scanned.
       Then we gave http://www.agamakala.com/FUZZ as the target:
       writing the keyword FUZZ in capital letters marks the place where
       each keyword from the wordlist is tried in turn.

   Among the responses returning 200 is the admin user login page.

   OK, we found the panel with the necessary parameters.
   Now let's scan for SQL injection.

wfuzz -c -z file,/usr/share/wfuzz/wordlist/Injections/SQL.txt --hc 404 www.blablablabla.com/index.php?id=51/FUZZ

   Many successful responses came back.

We can also scan for XSS
wfuzz -c -z file,XSS.txt --hc 404 http://blablablabla.bla/inc/takvim/index.php?month=3&year=2017/FUZZ

   Many successful responses came back; now let's check them manually.

Finding Sensitive Files

Using the apache.txt wordlist located under the /usr/share/wfuzz/wordlist/vulns directory, let's test for sensitive files like this:

wfuzz -c -z file,/usr/share/wfuzz/wordlist/vulns/apache.txt --hc 404 http://blablabla.bla/FUZZ

   We can download the logs and the .htaccess file and view their contents.

   Next we try to read the server-side /etc/passwd with the dirTraversal-nix.txt wordlist located in the same directory.

   This did not give any successful results.
   We then look for Windows server-side sensitive files with dirTraversal-win.txt from the same directory.

Stress testing is also possible, with the wordlist under /usr/share/wfuzz/wordlist/stress/test_ext.
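Each of the scans above leaves a very recognisable trace on the target: a burst of requests from one client where most answers are 404 (the very responses we hid with --hc 404), traversal sequences such as ../ or %2e%2e%2f aimed at /etc/passwd, and probes for .htaccess and log files. The following added example, written for this page and not part of wfuzz, is the defender-side companion to the admin-panel scan and the sensitive-file / traversal scans: it parses combined-format (Apache/Nginx) access log lines, aggregates per client IP and flags that behaviour. The log lines, the IP addresses and the 404 threshold are constructed for the demo.

```python
"""Defender-side companion to the scans on this page: flag wfuzz-style
directory brute force and path-traversal probes in combined-format
(Apache/Nginx) access logs. All log lines are constructed samples."""
import re
import urllib.parse
from collections import defaultdict

# Combined log format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Traversal and sensitive-file indicators, matched after URL decoding so that
# %2e%2e%2f style encodings do not slip past.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|/etc/passwd|boot\.ini|win\.ini)", re.I)
SENSITIVE_RE = re.compile(r"(\.htaccess|\.htpasswd|\.bak$|\.log$|/logs?/|\.git/)", re.I)
SCANNER_UA_RE = re.compile(r"wfuzz", re.I)  # wfuzz's default User-Agent carries its name

# Constructed sample: one client running a 404-heavy wordlist plus a traversal
# attempt and an .htaccess probe, and one ordinary visitor.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Nov/2017:10:00:01 +0300] "GET /admin HTTP/1.1" 200 512 "-" "Wfuzz/2.1.3"
198.51.100.7 - - [28/Nov/2017:10:00:01 +0300] "GET /administrator HTTP/1.1" 404 209 "-" "Wfuzz/2.1.3"
198.51.100.7 - - [28/Nov/2017:10:00:02 +0300] "GET /manager HTTP/1.1" 404 209 "-" "Wfuzz/2.1.3"
198.51.100.7 - - [28/Nov/2017:10:00:02 +0300] "GET /cpanel HTTP/1.1" 404 209 "-" "Wfuzz/2.1.3"
198.51.100.7 - - [28/Nov/2017:10:00:02 +0300] "GET /wp-admin HTTP/1.1" 404 209 "-" "Wfuzz/2.1.3"
198.51.100.7 - - [28/Nov/2017:10:00:03 +0300] "GET /login HTTP/1.1" 404 209 "-" "Wfuzz/2.1.3"
198.51.100.7 - - [28/Nov/2017:10:00:03 +0300] "GET /.htaccess HTTP/1.1" 403 199 "-" "Wfuzz/2.1.3"
198.51.100.7 - - [28/Nov/2017:10:00:04 +0300] "GET /index.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1340 "-" "Wfuzz/2.1.3"
203.0.113.5 - - [28/Nov/2017:10:01:10 +0300] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [28/Nov/2017:10:01:11 +0300] "GET /about.html HTTP/1.1" 200 2048 "http://example.invalid/" "Mozilla/5.0"
203.0.113.5 - - [28/Nov/2017:10:01:11 +0300] "GET /favicon.ico HTTP/1.1" 404 209 "http://example.invalid/" "Mozilla/5.0"
"""


def parse(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded_path"] = urllib.parse.unquote(rec["path"])
    return rec


def analyse(log_text, max_404=5):
    """Aggregate per client IP and flag brute-force / traversal behaviour.
    max_404 is the number of 404s from one client that we treat as a scan
    (a constructed threshold; tune it to the site's normal 404 rate)."""
    per_ip = defaultdict(lambda: {"requests": 0, "not_found": 0, "traversal": [],
                                  "sensitive": [], "scanner_ua": False})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        stats = per_ip[rec["ip"]]
        stats["requests"] += 1
        if rec["status"] == 404:
            stats["not_found"] += 1
        if TRAVERSAL_RE.search(rec["decoded_path"]):
            stats["traversal"].append(rec["decoded_path"])
        if SENSITIVE_RE.search(rec["decoded_path"]):
            stats["sensitive"].append(rec["decoded_path"])
        if SCANNER_UA_RE.search(rec["ua"]):
            stats["scanner_ua"] = True
    for stats in per_ip.values():
        stats["flagged"] = bool(stats["scanner_ua"] or stats["not_found"] >= max_404
                                or stats["traversal"] or stats["sensitive"])
    return dict(per_ip)


if __name__ == "__main__":
    for ip, stats in analyse(SAMPLE_LOG).items():
        print(ip, "FLAGGED" if stats["flagged"] else "ok", stats)
```

The User-Agent check is the weakest signal, since it is trivially changed on the client side; the 404 ratio and the decoded traversal patterns are what hold up in practice, which is why the path is URL-decoded before matching.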

Thank you for reading. You can follow me on twitter https://twitter.com/berkdusunur

2 comments:

  1. Thanks for sharing the post. Kanhasoft is the Django Application Development Company in India and USA. We are developing enterprise solutions to boost business. Visit our site to know more.

  2. This is an awesome post. Really very informative and creative content. This concept is a good way to enhance knowledge. I like it and it helps me to develop very well. Thank you for this brief explanation and very nice information. Well, got good knowledge.
    WordPress development company in Chennai