
Wuzz: An interactive CLI tool for HTTP inspection

February 23, 2017 by Nikos Danopoulos

It has been a few days since I discovered a great tool called Wuzz, a Command Line Interface tool for HTTP inspection. Its author, asciimoo, has done a really good job with this. Security researchers mainly use this tool during assessments to better understand what is going on with their HTTP requests. Of course, with Wuzz, you can also manipulate the request, add parameters and more. A response window that displays the HTTP response is available. It is important not to compare this tool with tools like Burp Proxy. They are different tools: Burp is an HTTP proxy, while Wuzz is an HTTP inspection tool. We cannot compare them!

What I like about Wuzz is its “geeky” Command Line Interface. By using the TAB button or Ctrl+J, you can easily move through the windows.

Wuzz Usage

For the following examples, I will use https://httpbin.org/get and a local – vulnerable on purpose – web application I created as the main subjects. Of course, you can find the code of my vulnerable web application on Github: wuzz-example.site. The first website will be used to understand how to use Wuzz. The second example, the vulnerable application, will be used to explain how Wuzz can help us during an assessment. Feel free to use your own web applications to test this great tool in depth.

To begin, we have to provide Wuzz with a URL to request. As mentioned, the first subject we will examine is httpbin(1): HTTP Client Testing Service. We can either press Enter or Ctrl+r to send the request.

Let’s break down the available windows:

URL: The first window, URL, is where we specify our target URL.

Method: The HTTP Method used.

URL Params: Here, we can provide our HTTP Request with some extra URL parameters.

Request Data: We can give some more request data. This would work, for example, on POST requests like credential submission etc.

Request Headers: Here, we can insert or modify some HTTP Request headers (e.g., User-Agent).

Response Headers: The response to our HTTP request.

Response Body: The content of the requested page.

Search: Here, we can search inside our requests for specific information.

As you can see in the Response Body in Image 1.1, several pieces of information are returned. Once again, the response body shows the content of the website we requested. This website was designed for exactly this purpose, performing HTTP tests, which is why the content contains information like “website,” “headers,” “arguments,” and more. Let’s now attempt to add some URL parameters.

In the example above (Image 1.2), we have used the URL Params window to add some extra parameters, parameter1 and parameter2, with values wuzz and is_great, respectively.

Also, notice the change in the response body. We can see that the parameters were added successfully by checking the arguments (args) list. Let’s add some extra headers, like a User-Agent and a random one. To do this, we just move to the Request Headers window and type in our headers. Here is an example of using the Linux Firefox User Agent:

To add another Request header, we have to insert it above – or below – the current one. For example, let’s insert another header called “Another-Header” with the value “Is-set.” The request headers and the response body should look like this:
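To make clear what the Response Body window is echoing back in the two examples above, here is an added Python example (not part of the original post and not Wuzz’s own code). It stands up a small local echo server that mimics httpbin.org/get, sends the same URL parameters and headers we added in Wuzz, and checks that they come back in the JSON `args` and `headers` fields; the Firefox User-Agent string is a constructed sample value.

```python
"""Offline stand-in for https://httpbin.org/get: a local echo server plus a
client that sends the article's URL params and request headers and returns the
JSON echo so we can see where each value lands in the response body."""
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlparse


class EchoHandler(BaseHTTPRequestHandler):
    """Mimics httpbin /get: echo query args and request headers as JSON."""

    def do_GET(self):
        parsed = urlparse(self.path)
        # httpbin collapses single-valued query params to a plain string
        args = {k: v[0] if len(v) == 1 else v
                for k, v in parse_qs(parsed.query).items()}
        headers = dict(self.headers.items())
        body = json.dumps({"args": args, "headers": headers,
                           "url": "http://localhost" + self.path}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *_):  # keep the demo output quiet
        pass


def start_echo_server():
    """Bind an ephemeral localhost port and serve in a background thread."""
    srv = HTTPServer(("127.0.0.1", 0), EchoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def inspect_get(host, port, params, headers):
    """Send GET /get?<params> with <headers> and return the parsed JSON echo."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", "/get?" + urlencode(params), headers=headers)
    data = json.loads(conn.getresponse().read().decode())
    conn.close()
    return data


def demo():
    """Replay the article's params and headers against the local stand-in."""
    srv = start_echo_server()
    try:
        return inspect_get("127.0.0.1", srv.server_port,
                           {"parameter1": "wuzz", "parameter2": "is_great"},
                           {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) "
                                          "Gecko/20100101 Firefox/52.0",  # constructed sample UA
                            "Another-Header": "Is-set"})
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```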

Of course, there are several other options that you can use with Wuzz. For example, you can use the search window at the bottom to search within the responses, you can use Ctrl+H to browse your request history, or you are even able to save your results for later examination (JSON ftw!). Moreover, you can pass arguments to Wuzz from the terminal before executing it. I highly encourage you to go through all of its options, as we will not cover them in this article. Here is the official Wuzz repository. The GIF and the available commands will help you understand how Wuzz works.

Using Wuzz During Security Assessments

As previously mentioned, I have created some vulnerable labs to demonstrate how useful Wuzz can be during a security assessment. Of course, the labs I created are very – VERY – simple. Their purpose is to illustrate the functions of Wuzz. We will see how to exploit an LFI vulnerability with Wuzz, and moreover, we will go through some classic challenges which require changing a Cookie value to proceed on a page, changing the User-Agent and more. Again, I don’t recommend you stop using your old-time classic tools for your assessments, but this is an extra fun one!

https://www.youtube.com/watch?v=x725HBfANNU

You can find the Web Application code here.

Thanks for reading. I hope you enjoyed this article as much as I did!


Nikos Danopoulos has worked as a Junior IT Security Researcher at eLearnSecurity. Moreover, he has contributed to several projects such as HACKADEMIC - OWASP, Hack.me and more. You can contact him at danopoulosnikos@gmail.com or find him on Twitter: @nikosdanopoulos.