Web fuzzing

POST request fuzzing

Fuzzing a payload list of request body data

#!/usr/bin/bash
TARGET="https://<arget>"
ENDPOINT="/endpoint/xxxx"
COOKIE="xxxx=xxxx"

payloads=(
'{"xxxx":"xxxx","xxxx":"xxxx"}'
'{"xxxx":"xxxx","xxxx":"xxxx"}'
)

for p in "${payloads[@]}"; do
  echo "=== Trying payload === $p"

  http_code=$(curl -w "%{http_code}" -s -o /dev/null -X POST "$TARGET$ENDPOINT" \
    -H "Cookie: $COOKIE" -H "Content-Type: application/json" -d "$p")
  if [[ "$http_code" != "400" ]]; then
    echo ">>> Non-400 response: $http_code"
    echo "SUCCESS"
    exit
  else
    echo "-> 400"
  fi
done

cURL options

a. -w/--write-out

http_code:
- A variable available to the -w/--write-out flag
- Displayed in the format: %{variable}
- Indicates the "The numerical response code that was found in the last retrieved HTTP(S) or FTP(s) transfer" (eg. 200, 400, 403, etc.)

b. -s: Silent or quiet mode

c. -o /dev/null: Discard output

Refer to the cURL manpage for more info: https://linux.die.net/man/1/curl

Previousscripting Nextgrep

Last updated 29 days ago