en-milie
commented
2 years ago Hi @dglee0307. This is the actual intent of the Fuzzer to send weird characters. In this case https://en.wikipedia.org/wiki/Abugida. The purpose is to see how the application/service reacts when getting such characters. In this case it seems that it's responding with an html, rather than a valid JSON. Meaning that something is broken on the server side when processing such characters.
dglee0307
First of all, I'm using this project really well. Thank you. But, there was a problem performing the REST API Fuzzing test with this project. Please tell me the solution to this problem. I worked on the project by writing kali linux(kali-linux-2021.4-installer-amd64.iso) on Virtual Box. The REST API uses swagger 2.0.
1) The characters are broken. ex) Scenario Send [values containing abugidas chars] in request fields: field [logfilterid], value [REPLACE with iజ్ఞ\u200cాP], is required [FALSE]
2) The jsonbody of the response part is strange. ex) Response { "responseCode": 200, "httpMethod": "GET", "jsonBody": { "notAJson": "<?xml version='1.0' encoding='UTF-8' ?>\n<!DOCTYPE html>\n<html xmlns=\"http://www.w3.org/1999/xhtml\"><head id=\"j_idt2\"><link type=\"text/css\" rel=\"stylesheet\" href=\"/mc2/faces/javax.faces.resource/theme.css?ln=primefaces-dain\" /><link type=\"text/css\" rel=\"stylesheet\" href=\"/mc2/faces/javax.faces.resource/font-awesome/5.13.0/css/all.min-jsf.css?ln=webjars\" /><link type=\"text/css\" rel=\"stylesheet\" href=\"/mc2/faces/javax.faces.resource/font-awesome/5.13.0/css/v4-shims.min-jsf.css?ln=webjars\" /><link t" }, "responseTimeInMs": "3", "numberOfWordsInResponse": "53", "numberOfLinesInResponse": "9", "contentLengthInBytes": "1126" }