-
Reference: https://github.com/OWASP/OFFAT/issues/116#issuecomment-2403343802
-
If I understand correctly, OFFAT does not currently work for HTTP/2? I tried to fuzz some API that uses HTTP/2, but OFFAT produces
`RemoteDisconnected('Remote end closed connection without respons…
-
Currently each and every PR raised needs to be tested manually. Add automated tests using the pytest/unittest library which can test a PR before merging using GitHub Actions.
-
Link to the tool: https://... (minimum 1 required):
[link] https://github.com/OWASP/OFFAT [/link]
List of tags separated by comma: tag1,tag2,tag3... (required):
[tags] rest-api [/tags]
Shor…
-
Option -s enables SSL verification and is on by default.
Testing within environments where there are self-signed certs is causing the tool to fail.
Debian (Kali) Certificate for this server …
-
I would suggest adding the following to the list we currently have:
1. `google_oauth_token`
2. `google_oauth`
3. `google_b64`
4. `awsBucket`
5. `xoxo-` (used by Slack)
6. `https://outlook.offic…
-
I believe an issue with many of the false negatives I am seeing:
```
def fill_params(params: list[dict], is_v3: bool) -> list[dict]:
    """fills params for OAS/swagger specs"""
    schema_params =…
```
-
Recreate:
```
mkdir /tmp/test
cd /tmp/test
python3 -mvenv venv
source venv/bin/activate
pip3 install offat
```
Results in:
```
ERROR: Could not find a version that satisfies the requiremen…
```
-
Documentation would require more details; for instance, I got
![image](https://github.com/OWASP/OFFAT/assets/12461661/aded4b03-45fd-49b3-ad71-607ea8817064)
1st lines indicate leak found; yes …
-
Broken Crystals is a demo site (listed here: https://owasp.org/www-project-vulnerable-web-applications-directory/) that can be used for testing your skills/software.
The site highlights a few false…