KissPeter / APIFuzzer

Fuzz test your application using your OpenAPI or Swagger API definition without coding
GNU General Public License v3.0

Implement request and response logging #4

Closed LyashenkoGS closed 5 years ago

LyashenkoGS commented 6 years ago

[new feature] As a user, I want to set the logging level as a command-line parameter. The output and reports with log level debug should include request/response with headers. Example:

python fuzzer.py -s your_swagger_definition.json -u http://localhost:8080/ --log DEBUG

Output:

  Request:
GET /product/show/%7Bid%7D?id=asd HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.18.4
  Response:
HTTP/1.1 400 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 05 Feb 2018 12:42:42 GMT
Connection: close
Body:
{"timestamp":1517834562537,"status":400,"error":"Bad Request","exception":"org.springframework.web.method.annotation.MethodArgumentTypeMismatchException","message":"Failed to convert value of type 'java.lang.String' to required type 'java.lang.Integer'; nested exception is java.lang.NumberFormatException: For input string: \"{id}\"","path":"/product/show/%7Bid%7D"}

KissPeter commented 6 years ago

You mean for errors or for all requests?

LyashenkoGS commented 6 years ago

I mean for all requests.

KissPeter commented 6 years ago

It can be implemented, but keep in mind, for a bigger swagger template it may generate millions of tests, which would mean millions of files.

LyashenkoGS commented 6 years ago

I know. I think it'll be handy for troubleshooting the fuzzer itself. At least I hardcoded that functionality locally while working on the fuzzer, and it was more convenient than using Wireshark.

KissPeter commented 5 years ago

Finally this tiny feature is ready:

Nov 4 21:56:50 HP-8460p 22715 [DEBUG] root: Request url:http://127.0.0.1:5000/exception/Co0 Request method: GET Request headers: {} Request body: None
Nov 4 21:56:50 HP-8460p 22715 [DEBUG] urllib3.connectionpool: Starting new HTTP connection (1): 127.0.0.1
Nov 4 21:56:50 HP-8460p 22715 [DEBUG] urllib3.connectionpool: http://127.0.0.1:5000 "GET /exception/Co0 HTTP/1.1" 500 73
Nov 4 21:56:50 HP-8460p 22715 [DEBUG] root: Response code:500 Response headers: { "Content-Type": "text/html; charset=utf-8", "Content-Length": "73", "Server": "Werkzeug/0.16.0 Python/3.6.8", "Date": "Mon, 04 Nov 2019 20:56:50 GMT" } Response body: b"Test application exception: invalid literal for int() with base 10: 'Co0'"
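
An added illustration of the feature discussed in this thread, not code from APIFuzzer or from either participant: a standard-library example of a `--log` switch that renders each exchange in the raw-HTTP layout requested above, formats nothing unless DEBUG is enabled, and masks credential-bearing headers before they reach the log. The logger name, the function names and the set of masked header names are assumptions, and the sample `Authorization` value is constructed.

```python
import argparse
import logging
from urllib.parse import urlsplit

# Assumption: header names treated as secrets and masked; extend for your API.
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}

def header_lines(headers):
    return [f"{k}: {'<redacted>' if k.lower() in SENSITIVE else v}"
            for k, v in headers.items()]

def dump_request(method, url, headers, body=None):
    """Render a request in the raw-HTTP layout shown in the issue."""
    parts = urlsplit(url)
    target = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    lines = [f"{method} {target} HTTP/1.1", f"Host: {parts.netloc}", *header_lines(headers)]
    if body is not None:
        lines += ["Body:", str(body)]
    return "\n".join(lines)

def dump_response(status, headers, body=b""):
    lines = [f"HTTP/1.1 {status}"] + header_lines(headers)
    if body:
        lines += ["Body:", body.decode("utf-8", "replace")]
    return "\n".join(lines)

def build_logger(argv):  # hypothetical CLI wrapper, not APIFuzzer's own parser
    parser = argparse.ArgumentParser()
    parser.add_argument("--log", default="WARNING",
                        choices=["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"])
    logging.basicConfig(format="%(asctime)s [%(levelname)s] %(name)s: %(message)s")
    logger = logging.getLogger("fuzzer_example")
    logger.setLevel(getattr(logging, parser.parse_args(argv).log))
    return logger

def log_exchange(logger, request, response):
    """Build the dumps only at DEBUG, so large runs pay nothing otherwise."""
    if not logger.isEnabledFor(logging.DEBUG):
        return False
    logger.debug("Request:\n%s", dump_request(**request))
    logger.debug("Response:\n%s", dump_response(**response))
    return True

if __name__ == "__main__":
    log = build_logger(["--log", "DEBUG"])
    req = {"method": "GET", "url": "http://localhost:8080/product/show/%7Bid%7D?id=asd",
           "headers": {"Accept": "*/*", "Authorization": "Bearer constructed-token"}}
    resp = {"status": 400, "headers": {"Content-Type": "application/json;charset=UTF-8"},
            "body": b'{"status":400,"error":"Bad Request"}'}
    log_exchange(log, req, resp)
```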