ZAP Fuzzer is a very useful tool for reply attack, brute force, and multiple entropy calculations. Personally, I think it’s better than the burp suite intruder (it’s more flexible).

Can use Regex to make and test payload lists in ZAP Fuzzer. I’d like to talk about that today. Let’s start!


Regex on ZAP Fuzzer?

First of all, zap fuzzer is to support various payload pattern. File, file fuzzer, number, (dirbuster, jbrofuzz), scripts(script zap)

frankly, just easy, except scripts know how to use a simple.
Regex payload, you can make a payload list to regular expression.

I think it’s easy to make a payload list even if you know two things below. Of course, if you know regular expression well, you can create a variety of payloads. It’s good to study the regular expression well.

[ ] => Character(int) Range
{ } => Number of outputs
e.g
[a-f]{4}

=> a four-letter pattern of a-f
[a-f]{2}[1-9]{5}

=> a-f pattern 2 characters + 1-9 pattern 5 characters
=> result
aa11111 
aa11112 
aa11113 
aa11114 
aa11115

Regex case

Regex: [0-9]
Result
0
1
2
3
4
5
6
7
8
9
Regex: [0-9]{2}
Result
00
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
Regex: [a-z]{2}
Result
aa
ab
ac
ad
ae
af
ag
ah
ai
md5
Regex: [a-f0-9]{32}
Result
0000000000000000000000000000004a
0000000000000000000000000000004b
0000000000000000000000000000004c
0000000000000000000000000000004d
0000000000000000000000000000004e
0000000000000000000000000000004f
00000000000000000000000000000050
00000000000000000000000000000051
00000000000000000000000000000052
Regex: [a-z]{4}[HI][1-4]
Result
aaaaH1
aaaaH2
aaaaH3
aaaaH4
aaaaI1
aaaaI2
aaaaI3
aaaaI4
aaabH1
aaabH2
aaabH3
aaabH4
aaabI1
aaabI2
Regex: [0-f]{12}
Result
789273f16e67f3d6
789273f16e67f3d7
789273f16e67f3d8
...

Creates a payload that matches the pattern, increasing the value. And if you think about it, there’s one fatal disadvantage.

There is no specific way to random values. (The regular expression for Random is also a problem, but ZAP itself generates sequentially……)


Random???

I needed to use a random value, but it wasn’t available in the end, so we added a payload by writing it as a Ruby.

arr = [0,1,2,3,4,5,6,7,8,9,'a','b','c','d','e','f']

rand(16)
d = ""


for i in 0..1000
  r = ""
  for j in 0..15
    r = r + arr[rand(16)].to_s
  end
  p r
  d = d+r+"\n"
end


f = open('out.txt','w')
f.write d
fuzzer > file > select 'out.txt'

댓글 없음:

댓글 쓰기