Configure your .ffufrc for ffuf

This topic has 1 reply, 2 voices, and was last updated 8 months, 3 weeks ago by Gal Nagli.

Viewing 2 posts - 1 through 2 (of 2 total)

Author

Posts
caon
Participant

That’s a small configuration that changes a lot!

Some targets have WAFs/protections that will ignore or slow your fuzzing requests using ffuf just because you are fuzzing it with default User-Agent.

The default user-agent for ffuf is a custom one to identify requests from the program. It is a must to change that default User Agent, specially if you going for bug bounties.

The solution for this is to implement a .ffufrc file file with real headers:

[http] headers = [ "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0" ] [https] headers = [ "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0" ]

This topic was modified 8 months, 4 weeks ago by caon.

This topic was modified 8 months, 4 weeks ago by caon.
May 5, 2022 at 12:23 pm #5262
Gal Nagli
Keymaster

Not bad! thanks : )

May 6, 2022 at 2:57 pm #5265
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Twitter #BugBountyTips Threads Compilation, This space will be regularly maintained and updated with accurate and new BugBountyTips shared by the community.

Continue reading →

Shubham Shah is the co-founder and CTO of Assetnote. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, AusCert, BSides Canberra and CrikeyCon. In his free time, Shubham enjoys performing high-impact application security research.

Continue reading →

YesWeHack, in partnership with Doctolib, Blablacar, Malt and the cybersecurity network SPARTA, launched the first live Bug Bounty event dedicated to European scale-ups and unicorns! The first edition of Hack […]

Continue reading →

As part of Yahoo Elite Bug Bounty Program, and NahamCon 2022 event, The Paranoids team have decided to go on with a promo worth 150k$ in bounty bonuses

Continue reading →

YES! That’s one of the topics STÖK and Jason Haddix and Condigo will answer in this episode of BOUNTY THURSDAYS – ON AIR . A show where we answer your questions and focus on news, tools, and stuff related to bug bounty and the offensive (red) side of cyber.

Continue reading →

On February 21st, hackers participated in HackerOne’s first Flagship Live Hacking Event of the year: h1-415 2020. This is HackerOne’s fourth year hosting a live hacking event during RSA week […]

Continue reading →

On an unseasonably sunny summer day, hackers from around the world descended on London, England, not to see an unobstructed view of Buckingham Palace, but to break into one of […]

Continue reading →

h1-604 featured a grizzly bear, a gondola, a ski lift into the clouds, and of course, plenty of bugs. Watch the recap of the first live hacking event in Vancouver, […]

Continue reading →

The largest amount of participating hackers ever for a live event submitted over 1,049 security flaws to customers over 3 days. This was the highest amount of vulnerabilities reported during […]

Continue reading →

Configure your .ffufrc for ffuf

422

Registered Users

14

Forums

13

Topics

14

Replies

Ready to join the community?

Better Together, we are waiting for you!

You could really enjoy these posts

Twitter #BugBountyTips Threads Compilation

OWASP DevSlop – Diving Deeper Into Subdomain Takeovers & Mitigations by @shubs

Hack Me I’m Famous – Live Bug Bounty in Paris

facts: Bug Bounty hunters has made ridiculous amounts of $$ from known DNS techniques..

h1-415 2020 Live Hacking Event in San Francisco

h1-4420 Live Hacking Recap with Uber

h1-604: Live Hacking in Vancouver Recap

h1-702 Heats Up Vegas: Live Hacking Event Recap

WriteUps

Videos

Program Updates

Live Hacking Events

Adventures

Battle Royale

Early Access

interview

Live

Multiplayer

Platform

player

Need more help?