Question

Whenever I approach a new target, I prefer to search for bugs manually. Manual testing is great for discovering new and unexpected attack vectors. It can also help you learn new security concepts in depth. But manual testing also takes a lot of time and effort, so as with automating reconnaissance, you should strive to automate at least part of the process of finding bugs. Automated testing can help you tease out a large number of bugs within a short time frame.

每当我接近一个新目标时，我更喜欢手动搜索漏洞。手动测试非常适用于发现新的和意想不到的攻击向量。它也可以帮助你深入学习新的安全概念。但手动测试也需要大量的时间和精力，所以与自动化侦察一样，你应该努力自动化至少部分查找漏洞的过程。自动化测试可以帮助你在短时间内找出大量的漏洞。

In fact, the best-performing bug bounty hunters automate most of their hacking process. They automate their recon, and write programs that constantly look for vulnerabilities on the targets of their choice. Whenever their tools notify them of a potential vulnerability, they immediately verify and report it.

实际上，表现最佳的赏金猎人会自动化他们的绝大部分黑客过程。他们自动化侦查，并编写程序，不断搜索他们选择的目标的漏洞。每当他们的工具通知他们存在潜在漏洞时，他们立即验证并报告。

Bugs discovered through an automation technique called fuzzing , or fuzz testing , now account for a majority of new CVE entries. While often associated with the development of binary exploits, fuzzing can also be used for discovering vulnerabilities in web applications. In this chapter, we’ll talk a bit about fuzzing web applications by using two tools, Burp intruder and Wfuzz, and about what it can help you achieve.

利用称为模糊测试或 Fuzzing 的自动化技术发现的漏洞现在占新 CVE 条目的大部分。虽然通常与开发二进制漏洞有关，但 Fuzzing 也可用于发现 Web 应用程序中的漏洞。在本章中，我们将介绍使用两个工具 Burp Intruder 和 Wfuzz 来对 Web 应用程序进行 Fuzzing 的相关知识，以及它可以帮助您实现什么。