Amit Agarwal Linux Blog

Leveraging ffuf for Timing Attacks: Practical Workflow and Burp Integration

2026-03-23 2 min read Cybersecurity Tools Web Security

Introduction

Timing attacks exploit measurable delays in web application responses to uncover hidden information—like valid usernames or authentication tokens. ffuf, a fast web fuzzer, offers unique features for such attacks, including filtering by response time and flexible request handling. This guide demonstrates how to use ffuf for timing attacks, filter results using the -ft option, troubleshoot common issues, and maximize effectiveness by importing Burp Suite requests.

Performing Timing Attacks with ffuf

[Using ffuf]: Filtering by Response Time with -ft

  • ffuf enables filtering fuzz results based on response time using the -ft flag.
  • Example usage for identifying responses faster than 100 milliseconds:
1

ffuf -u https://target.com/login?user=FUZZ -w users.txt -ft '<100'
  • This command only shows responses completed in more than 100 ms—ideal for detecting timing-based weaknesses.
  • Note: -ft supports comparison operators (<, >) for granular filtering.

[Using ffuf]: Troubleshooting -mt Issues

  • -mt (match time) is intended to abort requests exceeding a threshold, but it may not function reliably in certain scenarios.
  • In my experience, -mt did work correctly.
  • If -mt fails, stick with -ft for output filtering.

Integrating Burp Requests with ffuf

[Using ffuf]: Using Burp Suite Requests via -request

  • ffuf’s -request option lets you use a raw HTTP request captured in Burp Suite.
  • Steps:
    1. Export your desired request from Burp Suite as a text file (e.g., burp.req).
    2. Use ffuf with the -request flag and specify the wordlist position with FUZZ:
1

ffuf -request burp.req -w users.txt -ft '<100'

Use -request-proto to specify the protocol as http or https.

  • This method ensures your fuzzing matches the exact structure, headers, and cookies captured by Burp—a must for complex endpoints.
  • For timing attacks, precise request replication increases reliability and reduces false positives.

Why Burp Integration Matters in Timing Attacks

  • Many web applications require custom headers, tokens, or cookies for valid requests.
  • Using Burp requests with ffuf allows you to replicate authenticated or session-bound requests—critical when timing differences are subtle.
  • This approach avoids issues with malformed requests and ensures each fuzzing attempt is valid, leading to more accurate timing analysis.

Conclusion

ffuf is a powerful tool for timing attacks, especially when leveraging the -ft filter for response time and integrating Burp Suite requests for authenticity. If -mt fails to abort slow requests, rely on -ft for output filtering. For complex targets, exporting Burp requests guarantees your fuzzing is both effective and precise. Use these techniques to sharpen your timing attack workflow and uncover subtle vulnerabilities in web applications.

Ffuf Timing Attacks Web Security Burp Penetration Testing
comments powered by Disqus
© 2018 - 2026 by Amit Agarwal
Bilberry Hugo Theme