Endava / cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
Apache License 2.0

About adding headers in fuzzing command #64

Closed lipeng28 closed 1 year ago

lipeng28 commented 1 year ago

Hi there, I have a question about providing headers in the fuzzing command: `./cats -c swagger.yaml -s https://open.larksuite-pre.com/open-apis/merge/v1 -H=` What is the exact option for `-H`? I tried a few combinations, but they all failed. In addition, if I specify "Tenant-Key" in the header option, does this value still get mutated?

Thanks Peng

en-milie commented 1 year ago

Hi @lipeng28. The syntax is: `./cats -c swagger.yaml -s https://open.larksuite-pre.com/open-apis/merge/v1 -H Tenant-Key=XXX`. The supplied headers won't get mutated.

lipeng28 commented 1 year ago

Thanks, however, I still found some errors caused by the following: Send [abugidas chars] in headers. Current header [Tenant-Key] [REPLACE with జ్ఞ\u200cా]. Looks like the headers still got mutated. Right?

en-milie commented 1 year ago

If the header is present in the OpenAPI definition, even if you supply it through the command line, it will be fuzzed. But it seems a good idea to add a `--skipHeaders` argument, similar to the `--skipFields` one.
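
Added example, not part of the thread and not CATS code: following the statement above that a header present in the OpenAPI definition is fuzzed even when supplied on the command line, this Python script lists which `-H` headers a definition declares as header parameters. `SAMPLE_SPEC`, `X-Trace-Id` and the function names are constructed for illustration; only local `$ref` pointers are resolved, and names are compared case-insensitively, as HTTP header names are.

```python
# Added example (not CATS code): which -H headers does the definition declare?
METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample definition, already parsed into a dict.
SAMPLE_SPEC = {
    "paths": {
        "/records": {
            "parameters": [{"$ref": "#/components/parameters/TenantKey"}],
            "get": {"parameters": [{"name": "X-Trace-Id", "in": "header"},
                                   {"name": "limit", "in": "query"}]},
        },
        "/health": {"get": {}},
    },
    "components": {"parameters": {
        "TenantKey": {"name": "Tenant-Key", "in": "header", "required": True}}},
}

def resolve(spec, param):
    """Follow local '#/...' $ref pointers to the parameter object."""
    while "$ref" in param:
        node = spec
        for part in param["$ref"].lstrip("#/").split("/"):
            node = node[part]
        param = node
    return param

def declared_headers(spec):
    """Map lower-cased header name -> sorted 'METHOD path' operations."""
    found = {}
    for path, item in spec.get("paths", {}).items():
        shared = item.get("parameters", [])  # path-level parameters apply to every operation
        for method, op in item.items():
            if method not in METHODS:
                continue
            for raw in shared + op.get("parameters", []):
                param = resolve(spec, raw)
                if param.get("in") == "header":
                    found.setdefault(param["name"].lower(), set()).add(
                        f"{method.upper()} {path}")
    return {name: sorted(ops) for name, ops in found.items()}

def still_fuzzed(spec, supplied):
    """Supplied -H names the definition also declares (case-insensitive)."""
    declared = declared_headers(spec)
    return {h: declared[h.lower()] for h in supplied if h.lower() in declared}

if __name__ == "__main__":
    print(still_fuzzed(SAMPLE_SPEC, ["Tenant-Key", "Authorization"]))
```

Headers reported here are the ones to expect in header-fuzzing results even though a fixed value was passed with `-H`.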

lipeng28 commented 1 year ago

Thanks