Configure your .ffufrc for ffuf

Home Forums BugBountyTips Configure your .ffufrc for ffuf

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • caon
    Participant

    That’s a small configuration that changes a lot!

    Some targets have WAFs/protections that will ignore or slow your fuzzing requests using ffuf just because you are fuzzing it with default User-Agent.

    The default user-agent for ffuf is a custom one to identify requests from the program. It is a must to change that default User Agent, specially if you going for bug bounties.

    The solution for this is to implement a .ffufrc file file with real headers:

    
    [http]
        headers = [
            "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0"
        ]
    
    [https]
        headers = [
            "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0"
        ]
    
    • This topic was modified 4 months, 3 weeks ago by caon.
    • This topic was modified 4 months, 3 weeks ago by caon.
    Gal Nagli
    Keymaster

    Not bad! thanks : )

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.

Ready to join the community?

Better Together, we are waiting for you!