it doesn't work well with two parameters [post] #754
Comments
This looks like a case where ffuf should work just as expected, but you didn't add the correct While many other tools do add this header by default, one of the design decisions of ffuf is not to do any "magic" on behalf of the user. Try to rerun with a cli flag:
Thanks for the answer. Ffuf with the -H flag works fine. Here is the result from ffuf:
Here is the result from wfuzz:
Ffuf is faster, but wfuzz does not need an additional flag to correctly find the login and password. Can you add a parameter that automatically adds the -H header "Content-Type: application/x-www-form-urlencoded", or tries to find it? Thanks for creating such a great program.
Hi @kerszl, do you have any target that we could try?
"ffuf -fs=683 -w userzy:PAR1 -w /usr/share/seclists/Discovery/Web-Content/common.txt:PAR2 -d 'user=PAR1&pass=PAR2' -u http://172.16.1.117/index.php" - works badly, even if I change to "ffuf -fs=683 -w userzy:PAR1 -w /usr/share/seclists/Discovery/Web-Content/common.txt:PAR2 -d 'user=PAR1&pass=PAR2' -u http://172.16.1.117/index.php"
but wfuzz works perfectly with 2 parameters...
wfuzz -w /usr/share/seclists/Passwords/Common-Credentials/10-million-password-list-top-1000.txt -d 'user=kevin&pass=FUZZ' -u http://172.16.1.117/index.php --hs 'invalid'
I used ffuf for a long time, but after it failed to check login with two parameters, I went back to wfuzz.
Can you correct ffuf?
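Added example (not part of the thread, and not ffuf's or the target's code): a minimal Python model of how a PHP-style backend fills its POST fields, showing why the same `user=...&pass=...` body is ignored when the `Content-Type: application/x-www-form-urlencoded` header is absent. The function names and the credential store are constructed for illustration.

```python
import hmac
from urllib.parse import parse_qs

FORM_TYPE = "application/x-www-form-urlencoded"

# Constructed credential store, for illustration only.
USERS = {"alice": "correct-horse"}


def parse_post_fields(headers, body):
    """Return form fields the way a PHP-style backend fills its POST array.

    The body is decoded as key=value pairs only when the request declares
    the urlencoded form media type; otherwise it is left unparsed.
    """
    ctype = ""
    for name, value in headers.items():
        # Header names are case-insensitive; parameters (charset) follow ';'.
        if name.lower() == "content-type":
            ctype = value.split(";", 1)[0].strip().lower()
    if ctype != FORM_TYPE:
        return {}
    parsed = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    # On duplicate keys the last value wins, as in PHP.
    return {key: values[-1] for key, values in parsed.items()}


def login(headers, body):
    """Model login handler: returns 'welcome' or 'invalid'."""
    fields = parse_post_fields(headers, body)
    user, password = fields.get("user"), fields.get("pass")
    if user is None or password is None or user not in USERS:
        return "invalid"
    expected = USERS[user].encode("utf-8")
    ok = hmac.compare_digest(expected, password.encode("utf-8"))
    return "welcome" if ok else "invalid"


if __name__ == "__main__":
    body = b"user=alice&pass=correct-horse"
    # Same body, with and without the header: only the second is parsed.
    print(login({}, body))
    print(login({"Content-Type": FORM_TYPE}, body))
```

Without the header, every request gets the same "invalid" response regardless of the credentials in the body, so every response looks identical to the client.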