ToFuzz is an opensource Fuzzing tool able to use the tor network to limit the footprint on the targetted server and escape the attack detection by IP Filter.
Installation #
pip install .
Help #
$ tofuzz -h
___________ _____
\__ ___/____/ ____\_ __________________
| | / _ \ __\ | \___ /\___ /
| |( <_> ) | | | // / / /
|____| \____/|__| |____//_____ \/_____ \
\/ \/
usage: ToFuzz [-h] [-X METHOD] -u URL [-H HEADERS] [-b BODY] -w WORDLIST [--fuzztoken FUZZTOKEN] [-t THREADS] [-v]
[-T] [--tor-host TOR_HOST] [--tor-port TOR_PORT]
ToFuzz – is a multi-threaded fuzzing tool which allow users to use tor network.
options:
-h, --help show this help message and exit
-X, --method METHOD HTTP method to use (default: GET)
-u, --url URL Target URL with FUZZ token
-H, --headers HEADERS
HTTP headers as JSON string
-b, --body BODY HTTP body as raw string or JSON string
-w, --wordlist Path to the wordlist to use (Will be automatically splitted by thread)
Path to wordlist file
--fuzztoken FUZZTOKEN
Token to replace in URL/body (default: FUZZ)
-t, --threads THREADS
Number of threads
-v, --verbose Verbose Mode
-T, --tor Use Tor network
--tor-host TOR_HOST Tor SOCKS5 proxy host (default: 127.0.0.1)
--tor-port TOR_PORT Tor SOCKS5 proxy port (default: 9050)
Simple usage with GET request :
tofuzz -X GET -u http://www.myapp.com?q=FUZZ -w .\tofuzz\resources\test_wordlist.txt --threads 5
___________ _____
\__ ___/____/ ____\_ __________________
| | / _ \ __\ | \___ /\___ /
| |( <_> ) | | | // / / /
|____| \____/|__| |____//_____ \/_____ \
\/ \/
METHOD : GET
URL : http://www.myapp.com?q=FUZZ
WORDLIST : .\tofuzz\resources\test_wordlist.txt (15)
FUZZ URL : True
FUZZ BODY : False
--------------------------------------------------
PAYLOAD=BBBBBBBBBB | HTTP 200 | len = 17676
PAYLOAD=CCCCCCCCCCCCCCCCCCCC | HTTP 200 | len = 17263
PAYLOAD=AAAAA | HTTP 200 | len = 17671
PAYLOAD=EEEEEEEEEE | HTTP 200 | len = 17216
PAYLOAD=DDDDD | HTTP 200 | len = 17678
PAYLOAD=CCCCCCCCCC | HTTP 200 | len = 17612
PAYLOAD=DDDDDDDDDDDDDDDDDDDD | HTTP 200 | len = 17221
PAYLOAD=EEEEE | HTTP 200 | len = 17604
PAYLOAD=AAAAAAAAAAAAAAAAAAAA | HTTP 200 | len = 17670
PAYLOAD=BBBBB | HTTP 200 | len = 17681
PAYLOAD=DDDDDDDDDD | HTTP 200 | len = 17711
PAYLOAD=EEEEEEEEEEEEEEEEEEEE | HTTP 200 | len = 17295
PAYLOAD=AAAAAAAAAA | HTTP 200 | len = 17222
PAYLOAD=CCCCC | HTTP 200 | len = 17177
PAYLOAD=BBBBBBBBBBBBBBBBBBBB | HTTP 200 | len = 17686
Terminated with success
Execution time : 0.17 seconds
Tor Usage #
To use this fuzzer with tor :
- Start Tor Browser with the proxy
- Add the arguments to commandline
--tor
- start the fuzzing