Web Enumeration – Fuzzing for HTTP Parameters Enumeration
Hi, and welcome to this new video! In this video I continue my web exploitation series by continuing the enumeration portion of the course. This time it is all about parameter enumeration. Specifically, I will discuss how to use wfuzz in order to discover HTTP parameters such as GET parameters in the URL, or POST parameters in the body. If you're interested in more videos of the series or if you have any feedback, please let me know!

-------------------------
TIMESTAMP
00:00 Introduction
01:50 Docker lab
05:35 Wfuzz scenario 1 – discovery of parameter name
21:10 Wfuzz scenario 2 – discovery of debug parameter
24:05 Wfuzz scenario 3 – discovery of parameter value
30:30 Insecure Direct Object Reference (IDOR)
33:00 Wfuzz scenario 4 – sending requests to burpsuite
35:15 Wfuzz scenario 4 – discovery of POST data
36:44 Conclusion

-------------------------
REFERENCES
- Material: https://github.com/LeonardoE95/yt-en/tree/main/src/2024-05-06-web-exploitation-enumeration-of-parameters
- OSCP repository: https://github.com/LeonardoE95/OSCP
- BurpSuite Community Edition: https://portswigger.net/burp/communitydownload

-------------------------
CONTACTS
- Blog: https://blog.leonardotamiano.xyz/
- GitHub: https://github.com/LeonardoE95?tab=repositories
- Support: https://www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ