WebTheFuzzer control tower
wget https://go.dev/dl/go1.21.3.linux-amd64.tar.gz
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.21.3.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/binmake # make fuzzer
make clean # clean all
make clean-dir # clean all except fuzzer{
"testname": "test",
"afl_path": "/afl",
"target_binary": "/usr/local/bin/php-cgi ",
"base_url": "https://localhost:{PORT}/",
"base_port": 80,
"timeout" : 60,
"ld_library_path": "/lib",
"ld_preload": "/lib/hook_recv.so",
"memory": "8G",
"first_crash": true,
"cores": 1,
"login": {
"url": "https://localhost:{PORT}/login",
"port": 80,
"postData": "id=admin&pw=admin",
"getData": "id=guest&pw=guest",
"positiveHeaders": {"content-type": "Application/json"},
"positiveBody": "",
"method": "POST",
"loginSessionCookie" : "PHPSESSID"
}
}This file can be generated by WTF-Crawler
./fuzzer /path/to/config.json /path/to/request_data.json