IoTcube

Security Platform

User Guide : Blackbox-testing wfuzz

INTRODUCTION

Wi-Fi Fuzzer (wfuzz) is a tool for discovering implementation errors in 802.11-enabled devices using smart, stateful fuzzing techniques. It automatically generates potentially problematic inputs based on the 802.11 protocol specification to find unknown vulnerabilities in the 802.11 stack of target devices.

USAGE

Requirements

  • A Wi-Fi dongle (supporting monitor mode) connected to the host machine
  • Recommended model: ipTIME N150UA-4dBi
  • (Important!) If you run the tool in a virtual machine, avoid VirtualBox. We recommend VMware because wfuzz is not fully compatible with VirtualBox.

Step 1. Getting Started

To begin using wfuzz, click Blackbox Testing on the main page of IoTcube, then click Wireless Testing.

Step 2. Downloading wfuzz

On the following page, download wfuzz, which is a zip archive containing the main fuzzer and the packet database.

Linux (32 and 64 bit) is supported at the moment.

Step 3. Unarchiving Package

Unzip the package "wfuzz.zip" downloaded in the previous step with your preferred unarchiving tool.

After unzipping the package, you will have several files for fuzzing:

  • config_wfuzz.sh: Configuration script for wfuzz. It must be run with root privilege (sudo) once, before the first run of wfuzz.
  • wfuzz: The program that launches the fuzzing process. It must be run with root privilege (sudo).
  • data.db: Stores the packets used for smart & stateful fuzzing.

Step 4. Running Program

Open a terminal, go to the wfuzz directory, and run config_wfuzz.sh with sudo (only once).

Then run wfuzz with sudo.
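
A pre-flight check for the requirements above, as an added example that is not part of the IoTcube package or this guide: it confirms root privilege, the three package files listed in Step 3, and an adapter whose driver advertises monitor mode. It assumes the standard Linux `iw` utility is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not shipped with wfuzz. Assumes the Linux `iw` tool is installed.

# Read `iw list` output on stdin; print each wiphy that lists "monitor"
# under "Supported interface modes:".
monitor_phys() {
    awk '
        $1 == "Wiphy" { phy = $2; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*" { if ($2 == "monitor") print phy; next }
        { in_modes = 0 }
    '
}

# Print the package files from Step 3 that are absent from directory $1.
missing_files() {
    for f in config_wfuzz.sh wfuzz data.db; do
        [ -e "$1/$f" ] || printf '%s\n' "$f"
    done
}

# Run all checks against directory $1 (default: current directory).
preflight() {
    dir=${1:-.}
    status=0
    if [ "$(id -u)" -ne 0 ]; then
        echo "not root: config_wfuzz.sh and wfuzz need sudo" >&2; status=1
    fi
    miss=$(missing_files "$dir")
    if [ -n "$miss" ]; then
        echo "missing from $dir: $miss" >&2; status=1
    fi
    phys=$(iw list 2>/dev/null | monitor_phys)
    if [ -n "$phys" ]; then
        echo "monitor-capable: $phys"
    else
        echo "no adapter advertising monitor mode found" >&2; status=1
    fi
    return "$status"
}

# Only act when asked, so the file can also be sourced: sh preflight.sh --run [dir]
case "${1:-}" in
    --run) preflight "${2:-.}" ;;
esac
```
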

Step 5. Selecting A Dongle and A Target AP

Select the Wi-Fi dongle you have connected.

Select any profile of the target device. Fuzzing then starts automatically. wfuzz can test private access points even if the authentication key is not available. To stop the fuzzing process, press Ctrl + C.

Step 6. Uploading Your Log

Find the log.wfl file created in the same directory as the fuzzing program and upload it to IoTcube.

POSSIBLE COLLABORATION

For inquiries, suggestions, or possible collaboration, please send an email to cssa@korea.ac.kr.