How to fuzz two parameters in a cookie #372
Description
Hello, i wonder How to fuzz two parameters in a cookie and avoiding issues. I was doing a lab where i need to use ip spoofing to avoid being blocked, so i could distinguish if a success doing this because the words, lines, etc. To achieve this i use a IP-spoof.txt with all possible custom headers to spoof the IP, and a second fuzz which will be a random number
wfuzz -u https://0ab2006104a3055d813434d300450078.web-security-academy.net/login -H "FUZZ: FUZ2Z" -d "username=1234&password=asd" -w IP-spoof.txt -z range,1-999 -X POST -p localhost:8080
Now this work perfect, but the issue is that is a CRFL right before the fuzzed header, which indeed spoil all the request because CRLF are important in http/1.1
I guess wfuzz is taking the double fuzz as a body and that's why it makes a CRLF.