-
If I understand correctly, OFFAT does not currently work for HTTP/2? I tried to fuzz some API that uses HTTP/2, but OFFAT produces
`RemoteDisconnected('Remote end closed connection without respons…
-
Currently each and every PR raised needs to be tested manually. Add automated tests using the pytest/unittest library which can test a PR before merging using GitHub Actions.
-
The endpoint: `https://brokencrystals.com/api/testimonials/count?query=%27` is vulnerable to an SQL injection.
The endpoint does NOT return `50X` error when the SQL injection occurs, thus: `STATUS_C…
-
Link to the tool: https://... (minimum 1 required):
[link] https://github.com/OWASP/OFFAT [/link]
List of tags separated by comma: tag1,tag2,tag3... (required):
[tags] rest-api [/tags]
Shor…
-
Hi @dmdhrumilmistry,
I tried using the OFFAT tool. It did work when I use the **https://petstore.swagger.io/v2/swagger.json**, but when I try using other open source APIs' swagger.json, the tool fa…
-
Option `-s` enables SSL verification and is on by default.
Testing within environments where there are self-signed certs is causing the tool to fail.
Debian (Kali) Certificate for this server …
-
Recreate:
```
mkdir /tmp/test
cd /tmp/test
python3 -mvenv venv
source venv/bin/activate
pip3 install offat
```
Results in:
```
ERROR: Could not find a version that satisfies the requiremen…
```
-
I would suggest adding the following to the list we currently have:
1. `google_oauth_token`
2. `google_oauth`
3. `google_b64`
4. `awsBucket`
5. `xoxo-` (used by Slack)
6. `https://outlook.offic…
-
I believe an issue with many of the false negatives I am seeing:
```
def fill_params(params: list[dict], is_v3: bool) -> list[dict]:
    """fills params for OAS/swagger specs"""
    schema_params =…
```
-
At the moment the outcome of endpoint testing is very "human" oriented and very "grammar" sensitive, meaning that a person needs to read each sentence and use logic to understand if the endpoint is or…