using ffuf with ZAP for Vhost discovery


someone here

Apr 3, 2024, 3:58:47 PM
to ZAP User Group
While I was using the ffuf tool to brute-force virtual host discovery, I used this command to proxy the requests through ZAP on port 8888:
ffuf.exe -H "Host: FUZZ.example.com" -u http://ip -w E:\vhost-wordlist.txt -X POST -x http://127.0.0.1:8888
So when I saw the requests in the ZAP history, I expected them to look like this:
POST http://ip/ HTTP/1.1
host: someword.example.com
User-Agent: Fuzz Faster U Fool v1.5.0-dev
Content-Length: 0


But I found it like this:
POST http://someword.example.com/ HTTP/1.1
host: someword.example.com
User-Agent: Fuzz Faster U Fool v1.5.0-dev
Content-Length: 0


Did ZAP modify the URL from the IP to the Host header, or is it the effect of the ffuf tool, and how could I fix this?
Thanks in advance.
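
One way to check which tool produces the request line seen in the history is to point ffuf's `-x` option at a dummy listener instead of ZAP and record the bytes ffuf itself puts on the wire. The following is an added example, not part of the original post and not code from ffuf or ZAP; the port 8889 and all function names are assumptions, and the two sample requests are constructed from the ones quoted above.

```python
import socket

def read_head(conn: socket.socket) -> bytes:
    """Read from conn until the blank line that ends the request head."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = conn.recv(4096)
        if not chunk:
            break
        data += chunk
    return data

def parse_head(raw: bytes) -> dict:
    """Extract the request-target authority and the Host header value."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
            break
    # A client talking to a proxy sends an absolute-form target: scheme://authority/path
    authority = target.split("://", 1)[1].split("/", 1)[0] if "://" in target else None
    return {"method": method, "target": target, "authority": authority, "host": host,
            "authority_matches_host": authority is not None and authority == host}

def capture_one(port: int = 8889) -> dict:
    """Act as a dummy proxy for one request: record the head, answer 200, parse it."""
    with socket.create_server(("127.0.0.1", port)) as srv:  # port is an assumption
        conn, _addr = srv.accept()
        with conn:
            raw = read_head(conn)
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
    return parse_head(raw)

# Constructed from the two requests quoted in the post ("ip" is the post's placeholder).
_REST = b"host: someword.example.com\r\nUser-Agent: Fuzz Faster U Fool v1.5.0-dev\r\nContent-Length: 0\r\n\r\n"
EXPECTED = b"POST http://ip/ HTTP/1.1\r\n" + _REST
OBSERVED = b"POST http://someword.example.com/ HTTP/1.1\r\n" + _REST

if __name__ == "__main__":
    print(capture_one())  # then run ffuf once with -x http://127.0.0.1:8889
```

If the captured request still has the IP as the target authority, the request line was changed after it left ffuf; if it already carries the fuzzed hostname, ffuf produced it.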
