That’s a small configuration that changes a lot!
Some targets have WAFs/protections that will ignore or slow your fuzzing requests using ffuf just because you are fuzzing them with the default User-Agent.
The default User-Agent for ffuf is a custom one to identify requests from the program. It is a must to change that default User-Agent, especially if you are going for bug bounties.
The solution for this is to implement a .ffufrc file with real headers:
[http]
headers = [
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0"
]
[https]
headers = [
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0"
]
This topic was modified 8 months, 4 weeks ago by caon.
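Added example, not part of the original post: the defender's side of the same point, comparing a User-Agent signature rule with a behaviour rule over access logs. The log lines, IP addresses, version suffix and thresholds are constructed assumptions; the marker string is a substring of ffuf's default User-Agent.

```python
import re
from collections import defaultdict

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
FFUF_UA_MARKER = "Fuzz Faster U Fool"  # substring of ffuf's default User-Agent
FIREFOX_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) "
              "Gecko/20100101 Firefox/98.0")  # the UA from the post's .ffufrc

def sample_log():
    """Constructed access-log lines for one short time window (not real traffic)."""
    def line(ip, path, status, ua):
        return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" '
                f'{status} 512 "-" "{ua}"')
    # Client keeping the tool's default UA (version suffix is a placeholder).
    log = [line("192.0.2.10", f"/w{i}", 404, FFUF_UA_MARKER + " v0.0.0") for i in range(30)]
    # Client with a browser UA but the same request pattern.
    log += [line("192.0.2.20", f"/x{i}", 200 if i == 7 else 404, FIREFOX_UA) for i in range(30)]
    # Ordinary visitor with the same browser UA.
    log += [line("198.51.100.5", p, 200, FIREFOX_UA) for p in ("/", "/about", "/login", "/", "/faq")]
    return log

def parse(lines):
    for raw in lines:
        m = LINE.match(raw)
        if m:  # skip lines that are not in combined log format
            ip, path, status, ua = m.groups()
            yield ip, path, int(status), ua

def flag_by_user_agent(lines):
    """Signature rule: only catches clients that keep the tool's default UA."""
    return {ip for ip, _, _, ua in parse(lines) if FFUF_UA_MARKER in ua}

def flag_by_behaviour(lines, min_paths=20, min_404_ratio=0.8):
    """Behaviour rule: many distinct paths, most of them missing, whatever the UA says."""
    paths, total, missing = defaultdict(set), defaultdict(int), defaultdict(int)
    for ip, path, status, _ in parse(lines):
        paths[ip].add(path)
        total[ip] += 1
        missing[ip] += status == 404
    return {ip for ip in total
            if len(paths[ip]) >= min_paths and missing[ip] / total[ip] >= min_404_ratio}

if __name__ == "__main__":
    log = sample_log()
    print("UA rule:       ", sorted(flag_by_user_agent(log)))
    print("behaviour rule:", sorted(flag_by_behaviour(log)))
```

The signature rule flags only the client with the default User-Agent, while the behaviour rule flags both enumerating clients and leaves the ordinary visitor alone.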