Hello friends!! Today we are going to
perform fuzzing testing on bwapp application using burp suite intruder, performing
this testing manually is a time consuming and may be boring process for any pentester.
The fuzzing play a vital role in
software testing, it is a tool which is use for finding bugs, errors, faults
and loophole by injecting a set of partially –arbitrary inputs called fuzz into a program of the application
to be tested. Fuzzer tools take structure input in file format to differentiate
between valid and invalid inputs. Fuzzer tool are best in identifying
vulnerability like sql injection, buffer overflow, xss injection and OS command
injection and etc.
Let’s start!!
Fuzzing XSS
Start burp suite in order to intercept the request
and then send intercepted data into Intruder.
Many input-based vulnerabilities,
such SQL injection, cross-site scripting, and file path traversal can be
detected by submitting various test strings in request parameters, and
analyzing the application's responses for error messages and other anomalies.
Considered following as given below:
Configure the position where payload will be inserted, the attack type determine the way in which payloads are assigned to
payload positions.
Payload position: test (user input for first name)
Attack type: Sniper (for one payload)
Set payload which will be placed into
payload positions during the attack. Choose payload option to configure your
simple list of payload for attack. Configure the payload list using one of
Burp's predefined payload lists containing common fuzz strings.
Burp
suite intruder contain fuzzing string for testing xss injection, therefore
choose fuzzing –xss and click on ADD tab to load this string into simple
list as shown in screenshot and at final click on start attack.
It will start attack by sending
request which contains random string to test xss vulnerability in the target
application. Now from given list of applied string select the payload which has
highest length as output as shown in given image, we have select request 1 having length equal to 13926.
Insert
selected payload into intercepted request and then forward this request as you
can see in given image.
Bravo!!
Fuzzing test is completed and it found that application have bug which
lead to xss vulnerability. From screenshot you can see it is showing an xss
alert prompt.
Fuzzing OS command injection
Similarly repeat the same process in
order to intercept the request and then send intercepted data into Intruder.
Configure the position where payload will be inserted, the attack type determine
the way in which payloads are assigned to payload positions.
Payload position: www.nsa.gov (user input for target)
Attack type: Sniper (for one payload
Burp suite intruder contain fuzzing
string which will test for os command injection, therefore choose fuzzing full and click on ADD tab to load this string into simple
list as shown in screenshot and at final click on start attack.
It
will start attack by sending request which contains arbitrary string to test OS
command injection vulnerability in the target application. Now from given list
of applied string select the payload which has highest length as output as
shown in given image, we have select request 34 having length equal to 13343.
Insert
selected payload into intercepted request and then forward this request as you
can see in given image.
Great Job!! Fuzzing test is completed and it found that
application have bug which lead to OS command vulnerability. From screenshot
you can see application is showing ID as per the request of the selected
payload.
Fuzzing SQL
Similarly
repeat the same process in order to intercept the request and then send
intercepted data into Intruder.
Configure the position where
payload will be inserted, the attack type determine the way in which payloads
are assigned to payload positions. It is much similar like brute force attack.
Payload
position: 1:1 (user input for login:
password)
Attack type: Cluster bomb
(for two payloads)
Burp
suite intruder contain fuzzing string which will test for SQL injection,
therefore choose fuzzing –SQL Injection for
first payload postion and click on ADD tab to load this string into simple list as shown in screenshot
and at final click on start attack.
Similarly
repeat the same process to set payload option for second payload position.
It will start attack by sending request which contains
arbitrary string to test SQL injection vulnerability in the target application.
Now from given list of applied string select the payload which has highest
length as output as shown in given image, we have select request 168 having length equal to 13648.
Insert selected payload into intercepted request and then
forward this request as you can see in given image.
Wonderful!! Fuzzing test is completed and it found that
application have bug which lead to SQL injection vulnerability. From screenshot
you can see we had login into Neo’s account without valid input this happens
only as per the request of the selected payload.
0 comments:
Post a Comment