It’s been a while since I did some sharing, so here you go… I’ve started using this web application fuzzing tool recently called wfuzz:
http://www.edge-security.com/wfuzz.php
It is a cool application for fuzzing parameters in web applications, including login forms. An example of wfuzz syntax attempting to brute force a web application login form (in this case a Cisco VPN admin page; wishful thinking :P):
wfuzz -c -z file -f /wordlists/big.txt --hc 404 --html -d "login=admin&password=FUZZ&ok=Login" https://10.10.10.10/admin.html 2> cisco_vpn_admin.txt
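You enter FUZZ in place of the value of the parameter you wish to fuzz, and wfuzz substitutes each entry from the wordlist there, one request per entry. Pretty simple once you get the hang of it…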
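
Seen from the server side, a run like the one above appears in the access log as a burst of POSTs to the login page from a single client, one per wordlist entry. The following is an added example, not part of the original post or of wfuzz: it flags such bursts in a web server access log. The combined log format, the /admin.html path, the threshold and window values, and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Combined log format: client, identity, user, [time], "METHOD path proto", ...
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def find_login_bursts(lines, login_path="/admin.html", threshold=10,
                      window=timedelta(seconds=60)):
    """Return {client_ip: peak POST count to login_path inside one window}
    for clients that reach the threshold. Assumes each client's lines are
    in time order, as they are in a normal access log."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        client, ts, method, path = m.groups()
        if method != "POST" or path.split("?", 1)[0] != login_path:
            continue
        when = datetime.strptime(ts, TS_FMT)
        q = recent[client]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop attempts older than the window
        if len(q) >= threshold:
            flagged[client] = max(flagged.get(client, 0), len(q))
    return flagged

def sample_log():
    """Constructed log lines (documentation-range IPs), not real traffic."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "{} {} HTTP/1.1" 200 512 "-" "-"'
    def at(sec):
        return (start + timedelta(seconds=sec)).strftime(TS_FMT)
    # One client posting a new password guess every second for 25 seconds.
    lines = [row.format("192.0.2.50", at(i), "POST", "/admin.html") for i in range(25)]
    # A user who mistypes a password three times over ten minutes, then browses.
    lines += [row.format("198.51.100.7", at(s), "POST", "/admin.html") for s in (0, 300, 600)]
    lines.append(row.format("198.51.100.7", at(610), "GET", "/index.html"))
    return lines

if __name__ == "__main__":
    for client, peak in find_login_bursts(sample_log()).items():
        print(f"{client}: {peak} login POSTs within 60s")
```

The count is taken per client and per time window, so the occasional mistyped password stays below the threshold while a wordlist-driven run does not.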