Hello Amazing People,
copyasffuf is a simple python script that takes a raw HTTP request as input and convert it into a working ffuf command.
Wonder why would you need this, read along!
wget the python script to your computer and execute: link to raw file!
wget https://raw.githubusercontent.com/w33knd/copyasffuf/main/copyasffuf.py
Make it executable:
chmod +x copyasffuf.py
Capture a http request from burp suite:
and then, Execute!!
./copyasffuf.py -f <request file> -m ffuf
or
python3 copyasffuf.py -f <request file>
Works on POST request too!!
When testing an aggresively firewalled api or target, we need to fuzz multiple times, and creating a vanilla ffuf payload won't get you anywhere because you will just keep adding headers and won't find out why firewall is blocking your request.
Solution: Capture a working HTTP request, be it GET, POST or PUT, run this python script and you will have, a working ffuf payload.
You just need to switch wordlist path and FUZZ keyword and you are good to go.
Thank you.