Revision of What we did with FFUF


We saved the POST request of the username and password and saved it in a file called reqffuf.txt 

Our Injection Points from the request are as follows :- username=HFUZZ&password=WFUZZ&submit=Submit



Screenshot of the command :

https://udemy-images.s3.amazonaws.com/redactor/raw/2020-08-05_21-32-53-77dfba9462bcea8c0e31678c032f025e.png?width=1920


Command Breakdown:

ffuf -request reqffuf.txt -request-proto https -mode clusterbomb -w users.txt:HFUZZ -w users.txt:WFUZZ  -c  -mc all -fl 7

where, 

 ffuf : is the tool

-request : the POST request.

-request-proto https : the request protocol is https (by default it is https)

-mode clusterbomb : the mode is cluster bomb 

-w : wordlist file 

-w users.txt:HFUZZ  users.txt file and location to replace HFUZZ

-w users.txt:WFUZZ users.txt file and location to replace the WFUZZ

-c  : colorful output 

-mc : match all response 

-fl : filter by line 7