It has been a few days since I discovered a great tool called Wuzz which is a Command Line Interface tool for HTTP inspection. His author, asciimoo, has done a really good job with this. Security Researchers mainly use this tool during assessments to have a better view of what is going on with their HTTP requests. Of course, with Wuzz you can also manipulate the request, add parameters and more. A response window which displays the HTTP Response is available. It is important not to compare this tool with tools like Burp Proxy. They are totally different tools; Burp is an HTTP Proxy while Wuzz is an HTTP inspection tool. We cannot compare them!
What I like about Wuzz is the “geeky” Command Line Interface it provides. By using the TAB button or Ctrl+J, you can easily move through the windows.
For the following examples, I will use https://httpbin.org/get and a local – vulnerable on purpose – a web application I created as the main subjects. Of course, you can find the code of my vulnerable web application on Github: wuzz-example.site. The first website will be used to understand how to use Wuzz. The second example, the vulnerable application, will be used to explain how Wuzz can help us during an assessment. Feel free to use your Web Applications to test this great tool in depth.
To begin, we have to provide Wuzz with a URL to request. As mentioned, the first subject we will examine is httpbin(1): HTTP Client Testing Service. We can either press Enter or Ctrl+r to send the request.
Let’s break down the available windows:
URL: The first window, URL, is the place where we specify our target URL.
Method: The HTTP Method used.
URL Params: Here, we can provide our HTTP Request with some extra URL parameters.
Request Data: We can give some more request data. This would work for example on POST request like credential submission etc.
Request Headers: Here we can insert or modify some of the HTTP Request headers (e.g.: User-Agent).
Response Headers: The response to our HTTP request.
Response Body: The content of the requested page.
Search: Here we can search inside your requests for specific information.
As you can see on the Response body on Image 1.1, there are several bits of information returned. Once again, the response body shows the content of the website we requested. This website was designed for this exact purpose, to perform HTTP tests, and this is why the content contains information like “website,” “headers,” “arguments” and more. Let’s now attempt to add some URL parameters.
On the example above (Image 1.2), we have used the URL params window to add some extra parameters, parameter1 and parameter2 with values wuzz
and is_great respectively.
Ethical Hacking Training – Resources (InfoSec)
Also, notice the change in the response body, we can see that the parameters were added successfully by checking the arguments (args) list. Let’s now add some extra headers, like a User-Agent and a random one. To do this, we just move to the Request Headers window and type in our headers. Here is an example of using the Linux Firefox User-Agent:
To add another Request header, we just have to insert it above – or below – the current one. For example, let’s insert another header called “Another-Header” with value “Is-set.” The request headers and the response body should look like this:
Of course, there are several other options which you can use with Wuzz. For example, you can use the search window at the bottom to search for the responses, you can use Ctrl+H to browse your Request history, or you are even able to save your results for later examination (JSON ftw!). Moreover, you can parse arguments to Wuzz from the terminal window, before executing Wuzz. I highly encourage you to go through all of its options as we will not cover them in this article. Here is the official Wuzz repository. The GIF along with the Commands available will help you understand better how Wuzz works.
Using Wuzz During Security Assessments.
As previously mentioned, I have created some vulnerable labs to demonstrate how useful Wuzz can be during a security assessment. Of course, the labs I created are very – VERY – simple. Their purpose is to illustrate the functions of Wuzz. We will see how to exploit an LFI vulnerability with Wuzz and moreover we will go through some classic challenges which require changing a Cookie value to proceed on a page, change the User-Agent and more. Again, I don’t recommend you to stop using your old time classic tools for your assessments, but this one is an extra fun one to use!
You can find the Web Application code here.
Thanks for reading,
I hope you enjoyed this article as much as I did!
Source: InfoSec Resources @ February 23, 2017 at 06:02AM