Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to fuzz two parameters in a cookie #372

Open
MarcoCNK opened this issue Nov 5, 2024 · 1 comment
Open

How to fuzz two parameters in a cookie #372

MarcoCNK opened this issue Nov 5, 2024 · 1 comment

Comments

@MarcoCNK
Copy link

MarcoCNK commented Nov 5, 2024

Hello, i wonder How to fuzz two parameters in a cookie and avoiding issues. I was doing a lab where i need to use ip spoofing to avoid being blocked, so i could distinguish if a success doing this because the words, lines, etc. To achieve this i use a IP-spoof.txt with all possible custom headers to spoof the IP, and a second fuzz which will be a random number

wfuzz -u https://0ab2006104a3055d813434d300450078.web-security-academy.net/login -H "FUZZ: FUZ2Z" -d "username=1234&password=asd" -w IP-spoof.txt -z range,1-999 -X POST -p localhost:8080

Now this work perfect, but the issue is that is a CRFL right before the fuzzed header, which indeed spoil all the request because CRLF are important in http/1.1
I guess wfuzz is taking the double fuzz as a body and that's why it makes a CRLF.
@Mdriyadmia
Copy link

Bnj

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MarcoCNK @Mdriyadmia