所有的授权实战入侵网站已添加“如何入侵”标签,在侧边栏的归档中选择“如何入侵”即可查看所有文章

MENU

FUZZ in work

January 19, 2024 • Read: 459 • 常山阅读设置

FUZZ in work

Yesterday, I used FUZZ for the first time in my work. It's so cool, I have decided to write a blog about it.

What is FUZZ?

Fuzz or fuzzing is a technique used in computer programming and software testing. It involves providing invalid, unexpected, or random data as input to a program or system in order to identify vulnerabilities, bugs, or abnormal behavior.

FUZZ in work

Yesterday, while testing a system, I discovered many paths using a browser plugin that called FindSomething.

paths.png

So I use these paths to test the system by yakit, and select the paths with 200 of status code.

yakit.png
200.png

Among these paths, I discovered a registration API that returns some error codes.

register.png

So I use FUZZ to test this API.

Based on testing experience, APIs like this one are usually accessed using POST requests. Therefore, I started fuzzing the parameters using POST.I guess the registration API is the same as login API format.

login.png
post.png

The fuzz dict is from https://github.com/TheKingOfDuck/fuzzDicts.

However, after fuzzing, I couldn't find the first parameter.The GET requests maybe tested.

I'm happy when I find a response packet that is different from the others after using GET to test this API.

get.png

Following the same approach, I got a complete request packet.

all.png

This is my first fuzzing result.It's so cool.

Archives QR Code Tip
QR Code for this page
Tipping QR Code
Leave a Comment

已有 1 条评论
  1. 360nb 360nb

    Woooooooooooooooooooooooooooooooo!!!!!!!!!!
    bro,you got it!!!It's so cool!!!