We can also fuzz request headers using ffuf.
We can execute the following command to fuzz the request headers using a wordlist:
./ffuf -c -X FUZZ -w <http_methods_wordlist> -u <url>
The following screenshot shows the output of the preceding command:
As we can see in the preceding screenshot, the fuzzer foundĀ a few HTTP methods that are acceptable to the web application server. Let's try to fuzz the same case using Burp Suite.
Note: The -c option in ffuf is given to add color to the HTTP response code. It helps us to identify hidden files and directories faster.