If you are a bug bounty hunter or security researcher, you must be familiar with a technique called Fuzzing. In case you just newly started, Fuzzing is a way of testing an application by automatically feed random input to an application. For example, hackers might feed in null byte (e.g. %00) or super long payload (e.g. 10000 As)to check how the application responses. If the application gives out strange responses, it means there might be something wrong or a vulnerability behind it. This technique is widely used in web app as in most cases, you are not provided any source code of the backend.
Out of all tools, FFUF might be one of the most popular tools used in web app fuzzing. It is written in Go, easy to use and very fast. In this article, we will walk you through some basic technique used to fuzz web app using FUFF. So, let’s begin:
Installation
Before you install ffuf, you need to make sure you have your Go compiler installed first. To check it, you may simply type below command to check:
go versionIf you do not have one, you may visit this link and choose the correct version for your OS to download and install. After you properly installed Go compiler, simply type commands in terminal below to download ffuf:
