HTTP Protocol
Proxy request:
CONNECT www.example.com:443 HTTP/1.1
Proxy request with authentication:
CONNECT server.example.com:80 HTTP/1.1
Host: server.example.com:80
Proxy-Authorization: Basic aGVsbG86d29ybGQ=
(the Basic credential is base64 of user:password; aGVsbG86d29ybGQ= decodes to hello:world)
Check open proxy request (CONNECT takes host:port, not a URL; a 200 reply means the proxy opens the tunnel):
echo -ne "CONNECT $DOMAIN:443 HTTP/1.1\r\nHost: $DOMAIN:443\r\n\r\n" | nc $IP 8080
Fuzzing websites and HTTP protocol
wfuzz: web application fuzzer. Wfuzz was created to make web application assessments easier and is based on a simple concept: it replaces every occurrence of the FUZZ keyword with the value of a given payload.
https://github.com/xmendez/wfuzz
pip install wfuzz
wfuzz -w wordlist/general/common.txt --hc 404 http://$DOMAIN/FUZZ
wfpayload -z range,0-10
wfencode -e md5 test
Fuzz HTTP methods:
wfuzz -z list,GET-HEAD-POST-TRACE-OPTIONS -X FUZZ http://$DOMAIN/
Through a proxy:
wfuzz -z file,wordlist/general/common.txt -p localhost:8080 http://$DOMAIN/FUZZ
Brute-force usernames in WordPress (--hs hides responses whose body contains "Invalid", i.e. unknown usernames):
wfuzz -c -z file,fsoc.dic --hs Invalid -d "log=FUZZ&pwd=aaaaa" http://$DOMAIN/wp-login.php
References:
- https://wfuzz.readthedocs.io/en/latest/
- https://securitybytes.io/wfuzz-using-the-web-brute-forcer-1bf8890db2f
JWT
JWT types:
- JWS (Signature)
- JWE (Encryption)
Debugging payloads:
- https://jwt.io/ Auth0 JSON Web Tokens (JWT) debugger (encoder/decoder)
- Unsecured JWS: check whether the header says alg:none (empty signature segment); a verifier must reject such tokens unless it was explicitly configured to accept unsecured JWS
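To show the alg:none check from the verifier's side, here is an added Python example (not from the original page; the key and token contents are constructed sample data). It decodes a compact JWS for inspection, and a verifier that pins the expected algorithm rejects an unsecured token even though it is otherwise well-formed.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

def b64url_decode(data: str) -> bytes:
    """Decode base64url; JWT segments omit the '=' padding, so restore it."""
    data += "=" * (-len(data) % 4)
    return base64.urlsafe_b64decode(data)

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_jws(token: str) -> dict:
    """Split a compact JWS into header, payload and signature WITHOUT verifying it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "payload": json.loads(b64url_decode(payload_b64)),
        "signature": b64url_decode(sig_b64),
    }

def verify_hs256(token: str, key: bytes) -> dict:
    """Verify an HS256 JWS and return its payload, or raise ValueError.
    The algorithm is pinned: alg "none" (unsecured JWS) and any other
    algorithm the verifier does not expect are rejected before any crypto runs."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"rejected alg: {header.get('alg')!r}")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

def is_valid(token: str, key: bytes) -> bool:
    try:
        verify_hs256(token, key)
        return True
    except ValueError:
        return False

def make_token(header: dict, payload: dict, key: Optional[bytes]) -> str:
    """Build a compact JWS for the demo; key=None yields an unsecured JWS (empty signature)."""
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    if key is None:
        return f"{h}.{p}."
    return f"{h}.{p}.{b64url_encode(hmac.new(key, f'{h}.{p}'.encode(), hashlib.sha256).digest())}"
```

Running decode_jws on a token from jwt.io shows the same header/payload the debugger displays; only verify_hs256 decides whether to trust it.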
SAML
- https://www.samltool.com/online_tools.php OneLogin SAML debugging