xmendez / wfuzz

Web application fuzzer
http://wfuzz.io
GNU General Public License v2.0
5.97k stars 1.39k forks

How to fuzz two parameters in a cookie #372

Open MarcoCNK opened 1 week ago

MarcoCNK commented 1 week ago

Hello, I wonder how to fuzz two parameters in a cookie while avoiding issues. I was doing a lab where I need to use IP spoofing to avoid being blocked, so I could tell if I had success doing this because of the words, lines, etc. To achieve this I use an IP-spoof.txt with all possible custom headers to spoof the IP, and a second fuzz which will be a random number.

wfuzz -u https://0ab2006104a3055d813434d300450078.web-security-academy.net/login -H "FUZZ: FUZ2Z" -d "username=1234&password=asd" -w IP-spoof.txt -z range,1-999 -X POST -p localhost:8080

Now this works perfectly, but the issue is that there is a CRLF right before the fuzzed header, which indeed spoils the whole request because CRLFs are important in HTTP/1.1. I guess wfuzz is taking the double fuzz as a body and that's why it makes a CRLF.
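How an HTTP/1.1 server splits such a request, shown as an added example that is not part of the original issue or of wfuzz's code: the first empty line ends the header section, so a header emitted after a stray CRLF is read as body. The two sample requests, the host `lab.example` and the header name `X-Fuzzed-Header` are constructed for illustration.

```python
import re

# A line that looks like "field-name:" (RFC 9110 token characters, then a colon).
HEADER_LINE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:")

def split_request(raw: bytes):
    """Split a raw HTTP/1.1 request the way a server does: the first
    empty line (CRLF CRLF) ends the headers, the rest is the body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers, body

def stranded_headers(raw: bytes):
    """Return header-looking lines that landed after the blank line,
    i.e. lines the server will treat as body, not as headers."""
    _, _, body = split_request(raw)
    return [l.decode("latin-1") for l in body.split(b"\r\n") if HEADER_LINE.match(l)]

# Constructed sample: an extra CRLF sits right before the fuzzed header.
BROKEN = (b"POST /login HTTP/1.1\r\n"
          b"Host: lab.example\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 26\r\n"
          b"\r\n"
          b"X-Fuzzed-Header: 17\r\n"
          b"\r\n"
          b"username=1234&password=asd")

# Constructed sample: the same request with the header where it belongs.
GOOD = (b"POST /login HTTP/1.1\r\n"
        b"Host: lab.example\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Content-Length: 26\r\n"
        b"X-Fuzzed-Header: 17\r\n"
        b"\r\n"
        b"username=1234&password=asd")

if __name__ == "__main__":
    for label, raw in (("broken", BROKEN), ("good", GOOD)):
        _, headers, body = split_request(raw)
        print(label, "| parsed headers:", sorted(headers))
        print(label, "| stranded in body:", stranded_headers(raw))
```

Running `stranded_headers` on the raw request captured in the intercepting proxy (the command above already sends through `-p localhost:8080`) shows whether the fuzzed header reached the server as a header or as body.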

Mdriyadmia commented 5 days ago

Bnj