>[!HELP] >https://wfuzz.readthedocs.io/en/latest/user/basicusage.html Below is shown an example of wfuzz looking for common directories: ```bash wfuzz -w wordlist/general/common.txt http://testphp.vulnweb.com/FUZZ ``` Below is shown an example of wfuzz looking for common files: ```bash wfuzz -w wordlist/general/common.txt http://testphp.vulnweb.com/FUZZ.php ``` ### Fuzzing POST Requests ### Fuzzing Cookies To send your own cookies to the server, for example, to associate a request to HTTP sessions, you can use the -b parameter (repeat for various cookies): ```bash wfuzz -z file,wordlist/general/common.txt -b cookie=value1 -b cookie2=value2 http://testphp.vulnweb.com/FUZZ ``` The command above will generate HTTP requests such as the one below: GET /attach HTTP/1.1 Host: testphp.vulnweb.com Accept: */* Content-Type: application/x-www-form-urlencoded Cookie: cookie=value1; cookie2=value2 User-Agent: Wfuzz/2.2 Connection: close Cookies can also be fuzzed: ```bash wfuzz -z file,wordlist/general/common.txt -b cookie=FUZZ http://testphp.vulnweb.com/ ``` ### Fuzzing with cookies ```bash wfuzz -w /usr/share/seclists/Fuzzing/LFI/LFI-LFISuite-pathtotest-huge.txt -b cookie=PHPSESSID=4llbtn03bclqkl5pjh6t41vu5v http://preprod-payroll.trick.htb/index.php?page=FUZZ ```