Using Wuzz
For the following examples, I’ll use https://httpbin.org/get and a local – intentionally vulnerable – web application I’ve created as the main subjects. Of course, the code of my vulnerable web application can be found on Github: wuzz-example.site. The first site will be used to understand how to use Wuzz. The second example, a vulnerable application, will be used to explain how Wuzz can help us during the evaluation. You can use your web applications to deep test this great tool.
First, we need to provide Wuzz with a URL to request. As mentioned, the first subject we will examine is httpbin(1): HTTP Client Testing Service. We can send the request either by pressing Enter or Ctrl+r.
Let’s break down the available windows:
URL: The first window, URL, is where we enter our destination URL.
Method: The HTTP method used.
URL Parameters: Here we can provide some additional URL parameters to our HTTP request.
Data Request: We may provide additional request data. This would work for example for POST requests like sending credentials etc.
Request Header: Here we can insert or edit some HTTP request headers (eg User-Agent).
Response header: The response to our HTTP request.
Response text: Content of the requested page.
Search: Here we can search your requests for specific information.
As you can see in the response body in Figure 1.1, several bits of information are returned. The body of the response again displays the content of the website we requested. This site was designed for exactly this purpose, to perform HTTP tests, and therefore the content contains information such as “site”, “headers”, “arguments” and more. Now let’s try to add some URL parameters.
In the above example (Figure 1.2), we used the URL parameters window to add some additional parameters, parameter1 and parameter2 with values of wuzz
and is_great, or
Also notice the change in the response body. By checking the list of arguments (arguments), we can see that the parameters have been successfully added. Let’s add some more headers like User-Agent and random. To do this, just go to the Request Headers window and enter our header. Here is an example of using the Linux Firefox User Agent:
To add another request header, we need to insert it above – or below – the current one. For example, let’s insert another header called “Another-Header” with the value “Is-set”. The request header and response body should look like this:
Of course, there are several other options you can use with Wuzz. For example, you can use the search box at the bottom to find answers, you can use Ctrl+H to browse the request history, or you can even save your results for later examination (JSON ftw!). Additionally, you can parse arguments to Wuzz from a terminal window before running Wuzz. I strongly recommend you to go through all its options as we will not cover them in this article. Here is the official Wuzz repository. GIFs and available commands help you understand how Wuzz works.
Using Wuzz during a security assessment
As mentioned, I created several vulnerability labs to show how useful Wuzz can be during a security assessment. The labs I created are of course very – VERY – simple. Their purpose is to illustrate the features of Wuzz. We’ll see how to exploit the LFI vulnerability using Wuzz, plus we’ll walk through some classic challenges that require changing the cookie value to continue on the page, changing the User-Agent, and more. Again, I’m not suggesting you stop using your old classic tools for your evaluations, but it’s extra fun!
You can find the Web Application code here.
Thanks for reading. I hope you enjoyed this article as much as I d