Wuzz: An interactive CLI tool for HTTP inspection 2023
<blockquote data-quote="Poison_tools" data-source="post: 1285" data-attributes="member: 554"><p><h2>Using Wuzz</h2><p></p><p>For the following examples, I’ll use <a href="https://httpbin.org/get" target="_blank">https://httpbin.org/get</a> and a local – intentionally vulnerable – web application I’ve created as the main subjects. Of course, the code of my vulnerable web application can be found on GitHub: wuzz-example.site. The first site will be used to understand how to use Wuzz. The second example, a vulnerable application, will be used to explain how Wuzz can help us during the evaluation. You can use your web applications to deep test this great tool.</p><p></p><p>First, we need to provide Wuzz with a URL to request. As mentioned, the first subject we will examine is httpbin(1): HTTP Client Testing Service. We can send the request either by pressing Enter or Ctrl+r.</p><p></p><p><img src="https://blackhatpakistan.net/oalripoh/2023/03/image-7.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p>Let’s break down the available windows:</p><p></p><p><strong>URL</strong>: The first window, URL, is where we enter our destination URL.</p><p></p><p><strong>Method</strong>: The HTTP method used.</p><p></p><p><strong>URL Parameters</strong>: Here we can provide some additional URL parameters to our HTTP request.</p><p></p><p><strong>Data Request</strong>: We may provide additional request data. This would work, for example, for POST requests like sending credentials, etc.</p><p></p><p><strong>Request Header</strong>: Here we can insert or edit some HTTP request headers (e.g. User-Agent).</p><p></p><p><strong>Response header</strong>: The response to our HTTP request.</p><p></p><p><strong>Response text</strong>: Content of the requested page.</p><p></p><p><strong>Search</strong>: Here we can search your requests for specific information.</p><p></p><p></p><p>As you can see in the response body in Figure 1.1, several bits of information are returned. 
The body of the response again displays the content of the website we requested. This site was designed for exactly this purpose, to perform HTTP tests, and therefore the content contains information such as “site”, “headers”, “arguments” and more. Now let’s try to add some URL parameters.</p><p></p><p><img src="https://blackhatpakistan.net/oalripoh/2023/03/image-8.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p>In the above example (Figure 1.2), we used the URL parameters window to add some additional parameters, parameter1 and parameter2 with values of wuzz and is_great, or</p><p></p><p>Also notice the change in the response body. By checking the list of arguments (arguments), we can see that the parameters have been successfully added. Let’s add some more headers like User-Agent and random. To do this, just go to the Request Headers window and enter our header. Here is an example of using the Linux Firefox User Agent:</p><p></p><p><img src="https://blackhatpakistan.net/oalripoh/2023/03/image-9.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p>To add another request header, we need to insert it above – or below – the current one. For example, let’s insert another header called “Another-Header” with the value “Is-set”. The request header and response body should look like this:</p><p></p><p><img src="https://blackhatpakistan.net/oalripoh/2023/03/image-10.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p>Of course, there are several other options you can use with Wuzz. For example, you can use the search box at the bottom to find answers, you can use Ctrl+H to browse the request history, or you can even save your results for later examination (JSON ftw!). Additionally, you can parse arguments to Wuzz from a terminal window before running Wuzz. I strongly recommend that you go through all its options as we will not cover them in this article. Here is the official Wuzz repository. 
GIFs and available commands help you understand how Wuzz works.</p><p></p><h2>Using Wuzz during a security assessment</h2><p></p><p>As mentioned, I created several vulnerability labs to show how useful Wuzz can be during a security assessment. The labs I created are of course very – VERY – simple. Their purpose is to illustrate the features of Wuzz. We’ll see how to exploit the LFI vulnerability using Wuzz, plus we’ll walk through some classic challenges that require changing the cookie value to continue on the page, changing the User-Agent, and more. Again, I’m not suggesting you stop using your old classic tools for your evaluations, but it’s extra fun!</p><p></p><p>You can find the Web Application code <a href="https://github.com/nikosdano/wuzz-example.site" target="_blank">here</a>.</p><p></p><p>Thanks for reading. I hope you enjoyed this article as much as I d</p></blockquote><p></p>
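The request the quoted post builds in the URL Parameters and Request Headers windows (parameter1, parameter2, User-Agent, Another-Header), reproduced as an added example that is not part of the original post or of Wuzz. It assumes a constructed local echo handler standing in for httpbin's /get so it runs offline, and the User-Agent string is a constructed sample; the response shows that every parameter and header arrives exactly as the client typed it, which is why server-side logic cannot treat them as trusted input.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlsplit


class EchoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for httpbin's /get: echoes args and headers."""

    def do_GET(self):
        query = parse_qs(urlsplit(self.path).query)
        body = json.dumps({
            "args": {k: v[0] for k, v in query.items()},
            "headers": {k.title(): v for k, v in self.headers.items()},
        }).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def send_like_wuzz(params, headers):
    """Send one GET built from the 'URL Parameters' and 'Request Headers' panes."""
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    try:
        conn.request("GET", "/get?" + urlencode(params), headers=headers)
        return json.loads(conn.getresponse().read())
    finally:
        conn.close()
        server.shutdown()
        server.server_close()


def demo():
    # Constructed sample User-Agent; the post's exact string is only in a screenshot.
    ua = "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0"
    return send_like_wuzz({"parameter1": "wuzz", "parameter2": "is_great"},
                          {"User-Agent": ua, "Another-Header": "Is-set"})


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```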