Getting vulnerable addresses in servers with fuzzing
In this section, we will learn about the fuzzing process and how we can use this practice with Python projects to obtain URLs and addresses vulnerable to attackers.
The fuzzing process
A fuzzer is a program where we have a file that contains URLs that can be predictable for a specific application or server. Basically, we make a request for each predictable URL and if we see that the response is successful, it means that we have found a URL that is not public or is hidden, but later we see that we can access it.
Like most exploitable conditions, the fuzzing process is only useful against systems that improperly sanitize input or that take more data than they can handle. In general, the fuzzing process consists of the following phases:
- Identifying the target: To fuzz an application, we have to identify the target application.
- Identifying inputs: The vulnerability exists because the target application accepts a...