ToFuzz

  • ToFuzz is an open-source fuzzing tool that can route its requests through the Tor network to limit its footprint on the targeted server and to evade attack detection based on IP filtering.

Installation

pip install .

Help

$ tofuzz -h

___________     _____
\__    ___/____/ ____\_ __________________
  |    | /  _ \   __\  |  \___   /\___   /
  |    |(  <_> )  | |  |  //    /  /    / 
  |____| \____/|__| |____//_____ \/_____ \
                                \/      \/
usage: ToFuzz [-h] [-X METHOD] -u URL [-H HEADERS] [-b BODY] -w WORDLIST [--fuzztoken FUZZTOKEN] [-t THREADS] [-v]
              [-T] [--tor-host TOR_HOST] [--tor-port TOR_PORT]

ToFuzz – is a multi-threaded fuzzing tool which allow users to use tor network.

options:
  -h, --help            show this help message and exit
  -X, --method METHOD   HTTP method to use (default: GET)
  -u, --url URL         Target URL with FUZZ token
  -H, --headers HEADERS
                        HTTP headers as JSON string
  -b, --body BODY       HTTP body as raw string or JSON string
  -w, --wordlist        Path to the wordlist to use (Will be automatically splitted by thread)
                        Path to wordlist file
  --fuzztoken FUZZTOKEN
                        Token to replace in URL/body (default: FUZZ)
  -t, --threads THREADS
                        Number of threads
  -v, --verbose         Verbose Mode
  -T, --tor             Use Tor network
  --tor-host TOR_HOST   Tor SOCKS5 proxy host (default: 127.0.0.1)
  --tor-port TOR_PORT   Tor SOCKS5 proxy port (default: 9050)

Simple usage with a GET request:

tofuzz -X GET -u http://www.myapp.com?q=FUZZ -w .\tofuzz\resources\test_wordlist.txt --threads 5 
    
___________     _____
\__    ___/____/ ____\_ __________________
  |    | /  _ \   __\  |  \___   /\___   /
  |    |(  <_> )  | |  |  //    /  /    /
  |____| \____/|__| |____//_____ \/_____ \
                                \/      \/


METHOD    : GET
URL       : http://www.myapp.com?q=FUZZ
WORDLIST  : .\tofuzz\resources\test_wordlist.txt (15)
FUZZ URL  : True
FUZZ BODY : False
--------------------------------------------------
PAYLOAD=BBBBBBBBBB                |     HTTP 200 |      len = 17676
PAYLOAD=CCCCCCCCCCCCCCCCCCCC      |     HTTP 200 |      len = 17263
PAYLOAD=AAAAA                     |     HTTP 200 |      len = 17671
PAYLOAD=EEEEEEEEEE                |     HTTP 200 |      len = 17216
PAYLOAD=DDDDD                     |     HTTP 200 |      len = 17678
PAYLOAD=CCCCCCCCCC                |     HTTP 200 |      len = 17612
PAYLOAD=DDDDDDDDDDDDDDDDDDDD      |     HTTP 200 |      len = 17221
PAYLOAD=EEEEE                     |     HTTP 200 |      len = 17604
PAYLOAD=AAAAAAAAAAAAAAAAAAAA      |     HTTP 200 |      len = 17670
PAYLOAD=BBBBB                     |     HTTP 200 |      len = 17681
PAYLOAD=DDDDDDDDDD                |     HTTP 200 |      len = 17711
PAYLOAD=EEEEEEEEEEEEEEEEEEEE      |     HTTP 200 |      len = 17295
PAYLOAD=AAAAAAAAAA                |     HTTP 200 |      len = 17222
PAYLOAD=CCCCC                     |     HTTP 200 |      len = 17177
PAYLOAD=BBBBBBBBBBBBBBBBBBBB      |     HTTP 200 |      len = 17686



Terminated with success
Execution time : 0.17 seconds

Tor Usage

To use this fuzzer with Tor:

  • Start Tor (for example via the Tor Browser) so that its SOCKS5 proxy is listening; ToFuzz expects it on 127.0.0.1:9050 by default.
  • Add the --tor argument to the command line (plus --tor-host and --tor-port if the proxy is not on the defaults).
  • Start the fuzzing.
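Spreading requests over Tor circuits means each payload can arrive from a different exit address, so a per-IP rate limit on the server side never sees a burst. The flip side for a defender is to key detection on the fuzzed parameter rather than on the client address. The following Python is an added example, not part of ToFuzz: it parses constructed Apache-style access-log lines and flags a query parameter that receives many distinct values from many distinct IPs inside a short window; the log layout, the thresholds and the documentation-range IPs are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access log (Apache "combined" layout, RFC 5737 documentation IPs): one
# endpoint hit with a changing ?q= value from a different client each time, as a Tor-routed fuzzer would appear.
SAMPLE_LOG = """\
198.51.100.5 - - [10/Jun/2024:12:00:01 +0000] "GET /search?q=AAAAA HTTP/1.1" 200 17671
198.51.100.7 - - [10/Jun/2024:12:00:01 +0000] "GET /search?q=BBBBBBBBBB HTTP/1.1" 200 17676
203.0.113.2 - - [10/Jun/2024:12:00:02 +0000] "GET /search?q=CCCCCCCCCCCCCCCCCCCC HTTP/1.1" 200 17263
203.0.113.9 - - [10/Jun/2024:12:00:02 +0000] "GET /search?q=DDDDD HTTP/1.1" 200 17678
192.0.2.33 - - [10/Jun/2024:12:00:03 +0000] "GET /search?q=EEEEEEEEEE HTTP/1.1" 200 17216
192.0.2.80 - - [10/Jun/2024:12:00:40 +0000] "GET /search?q=shoes HTTP/1.1" 200 17002
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

def parse_line(line):
    """Return (ip, time, method, path, query params) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, _status, _size = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    parts = urlsplit(target)
    return ip, when, method, parts.path, dict(parse_qsl(parts.query))

def find_parameter_bursts(log_text, window_seconds=10, min_values=5, min_ips=3):
    """Key hits on (method, path, parameter name) instead of client IP; flag a group when many
    distinct values come from many distinct IPs in one window. Returns {key: (n_values, n_ips)}."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, when, method, path, params = rec
        for name, value in params.items():
            groups[(method, path, name)].append((when, ip, value))
    alerts = {}
    for key, hits in groups.items():
        hits.sort()  # chronological; ties broken by ip, then value
        for i, (start, _, _) in enumerate(hits):
            window = [h for h in hits[i:] if (h[0] - start).total_seconds() <= window_seconds]
            values = {v for _, _, v in window}
            ips = {ip for _, ip, _ in window}
            if len(values) >= min_values and len(ips) >= min_ips:
                alerts[key] = (len(values), len(ips))
                break  # one alert per parameter is enough
    return alerts
```

On the sample above the legitimate "shoes" query at 12:00:40 falls outside the window and does not contribute, while the five fuzz payloads from five addresses trigger one alert for the q parameter of /search.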