ffuf sends incorrect results to replay-proxy when using similar wordlist keywords #885

@Rand0x

Description

When using multiple wordlists with the replay-proxy flag in ffuf, the tool may send incorrect results to the proxy if the wordlist keywords are similar.
This occurs because ffuf substitutes the second fuzzer (FUZZ1) with the keyword from the first wordlist (FUZZ), leading to a conflict in parameter names.


Steps to Reproduce

  1. Run the following command:
    ffuf -w <wordlist1>:FUZZ -w <wordlist2>:FUZZ1 -u https://example.com/FUZZ/FUZZ1 -ic -fs 3534 -replay-proxy <burp-Proxy>
  2. Observe the tool discovers two distinct results:
    • ABC (from wordlist1)
    • XYZ (from wordlist2)
  3. The results sent to the proxy are incorrectly named:
    • ABC and ABC1 (instead of ABC and XYZ)

Expected Behavior

  • ffuf should send both correct results to the proxy:
    • ABC (from wordlist1)
    • XYZ (from wordlist2)

Actual Behavior

  • ffuf sends:
    • ABC (correct)
    • ABC1 (incorrect, replaces XYZ)

Root Cause

The conflict arises because ffuf uses FUZZ and FUZZ1 as placeholders for multiple wordlists. When the second fuzzer (FUZZ1) is substituted with a keyword from the first wordlist (FUZZ), the proxy receives both results with similar names (e.g., ABC and ABC1), even though the actual values are distinct (ABC and XYZ).


Additional Context

  • The issue is exacerbated when using the replay-proxy flag, as the proxy relies on the parameter names generated by ffuf for result tracking.
  • A screenshot of the issue is attached, showing the proxy receives ABC and ABC1 instead of ABC and XYZ.

Proposed Solution

Enhance ffuf to generate unique parameter names for each fuzzer, even when using similar keywords (replay-proxy).


Attachments

  • Screenshot: Image
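
The prefix collision described in this report, as an added example that is not part of the original issue and is not ffuf's own code: it assumes the template is expanded by plain sequential string replacement, and the names `naiveExpand`, `safeExpand` and `sample` are hypothetical. The second function replaces in a single pass with longer keywords tried first.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample input set (keyword -> payload), mirroring the report.
var sample = map[string]string{"FUZZ": "ABC", "FUZZ1": "XYZ"}

// naiveExpand substitutes keywords one after another in the given order.
// With "FUZZ" first, the "FUZZ" inside "FUZZ1" is consumed as well.
func naiveExpand(tmpl string, order []string, in map[string]string) string {
	for _, k := range order {
		tmpl = strings.ReplaceAll(tmpl, k, in[k])
	}
	return tmpl
}

// safeExpand substitutes in a single pass, trying longer keywords first,
// so a keyword that prefixes another cannot clobber it and payloads that
// themselves contain a keyword are not expanded again.
func safeExpand(tmpl string, in map[string]string) string {
	keys := make([]string, 0, len(in))
	for k := range in {
		keys = append(keys, k)
	}
	sort.Slice(keys, func(i, j int) bool {
		if len(keys[i]) != len(keys[j]) {
			return len(keys[i]) > len(keys[j])
		}
		return keys[i] < keys[j]
	})
	pairs := make([]string, 0, 2*len(keys))
	for _, k := range keys {
		pairs = append(pairs, k, in[k])
	}
	return strings.NewReplacer(pairs...).Replace(tmpl)
}

func main() {
	tmpl := "https://example.com/FUZZ/FUZZ1"
	fmt.Println(naiveExpand(tmpl, []string{"FUZZ", "FUZZ1"}, sample))
	fmt.Println(safeExpand(tmpl, sample))
}
```

Until the tool handles this, choosing keywords where none is a prefix of another (for example `FUZZA` and `FUZZB`) avoids the collision on the command line.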
