Help With Question -> Proxies/ZAP Fuzzer

OK, thanks for @retr0w's hints, take a deep breath, and calm down.
I was almost there.
Find a response body with a different size, right-click and open in Editor, then I found the flag.

Anyway, I hate ZAP, I prefer ffuf.

This really helped me! I combined it with another comment I saw here as well to get the answer… When sending a request think about the method GET vs. POST.

Thanks for all the help!

This helped me, to use the POST method.

Use Cookie: cookie=something and select the value (in my case it’s something) then add the payload and processor.

The idea is that the response will have a larger body size due to the presence of the flag.
It’s actually simpler than we are used to thinking.

It’s good to have an alternative to ZAP Fuzzer. Here’s one: you can do the same task with Burp Suite, check it out.

Hello everyone, I wanted to ask you if you consider it necessary to study ZAP in depth, or whether it is better to dedicate time to Burp Suite, which even has a certification :anguished:.

:white_check_mark: Step-by-Step: Using Burp Intruder Only

1. Visit the Target and Capture the Request

  • In your browser (proxying through Burp), go to:

http://94.237.121.185:59501/skills/
  • In Burp Proxy, intercept the request and forward it.
  • In HTTP history, find the /skills/ request.
  • Right-click it → Send to Intruder.

2. Set Payload Position (Cookie)

  • In Intruder → Positions tab:
    • Clear all default positions.
    • Highlight only the hash part of the cookie (not the whole cookie).
      • Example:

Cookie: session=5f4dcc3b5aa765d61d8327deb882cf99
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  • Click Add.

3. Configure Payloads

  • Go to the Payloads tab:
    • Payload type: Simple list
    • Load this file:

/usr/share/seclists/Usernames/top-usernames-shortlist.txt

(Make sure it’s the raw usernames, not pre-hashed)


4. Add Payload Processing – MD5 Hash

  • At the bottom of the Payloads tab, expand “Payload Processing”.
  • Click Add → Choose Hash – MD5
  • Now, Burp will hash each username as it’s inserted into the request.

5. Start Attack

  • Click Start Attack (Community) or Start Live Attack.
  • Let it run until you see all results populated.

6. Sort by Length

  • In the Intruder results:
    • Click the Length column to sort.
    • Look for a longer or shorter response than the others.

:brain: Most responses will be the same (e.g. 1005 bytes). One will be different (e.g. 1200+ bytes). That’s your hit.
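
Added example, not part of any post in this thread: an offline Python sketch of steps 4 and 6, reproducing the "Hash – MD5" payload processing and then picking out the response whose size deviates from the baseline. The wordlist, response sizes and all function names are constructed for illustration; no request is sent.

```python
import hashlib
from collections import Counter

# Constructed sample data: a tiny stand-in wordlist and made-up response
# sizes, shaped like an exported Intruder results table (not real output).
USERNAMES = ["root", "admin", "test", "guest", "info"]
SAMPLE_LENGTHS = {"root": 1005, "admin": 1243, "test": 1005,
                  "guest": 1005, "info": 1005}


def md5_payload(raw: str) -> str:
    """Apply the 'Hash - MD5' processing step: hex MD5 of the raw payload."""
    return hashlib.md5(raw.encode("utf-8")).hexdigest()


def build_rows(usernames, lengths, status=200):
    """Pair each raw payload with its processed cookie value and response size."""
    return [{"raw": u, "cookie": md5_payload(u), "status": status,
             "length": lengths[u]} for u in usernames]


def find_outliers(rows):
    """Return (baseline, outliers): the most common (status, length) pair and
    every row that deviates from it. An empty list means nothing stood out."""
    if not rows:
        return None, []
    counts = Counter((r["status"], r["length"]) for r in rows)
    baseline, _ = counts.most_common(1)[0]
    return baseline, [r for r in rows if (r["status"], r["length"]) != baseline]


if __name__ == "__main__":
    rows = build_rows(USERNAMES, SAMPLE_LENGTHS)
    baseline, hits = find_outliers(rows)
    print("baseline (status, length):", baseline)
    for r in hits:
        print(f"outlier: {r['raw']} -> {r['cookie']} ({r['length']} bytes)")
```

Comparing on the (status, length) pair rather than length alone also surfaces a response that differs only by status code, which sorting by the Length column can miss.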