Hello everybody, I have a problem with ffuf for scanning all parameters in a web site (Module: "Attacking Web Application with Fuff" ). I ran first this command (for search for all pages .php):
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt -u http://184.108.40.206:32425/FUZZ -recursion -v -e .php
Later this: ffuf -w /opt/useful/SecLists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://ip/dir/page.php?FUZZ=key -fs xxx
The problem is this: I get all parameters name with status 403 I filter them and there isn't a good paramenter, Where did I make mistakes?