OWASP / OFFAT

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
http://owasp.org/OFFAT/
MIT License

Support for HTTP/2 #116

Open henning410 opened 3 months ago

henning410 commented 3 months ago

If I understand correctly, OFFAT does not currently work for HTTP/2? I tried to fuzz some API that uses HTTP/2, but OFFAT produces

RemoteDisconnected('Remote end closed connection without response')

Is support for this planned in the future?

nrathaus commented 3 months ago

Unfortunately, the extensive use of the requests package prevents implementation of HTTP/2, as urllib3, which requests uses, doesn't have, nor plans to add, HTTP/2.

An alternative could be to migrate to https://pypi.org/project/pycurl/, which supports HTTP/2 if libcurl has HTTP/2 compiled into it.
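Added example, not part of the thread and not OFFAT's code: a standard-library pre-flight check that tells whether a cleartext endpoint answers the HTTP/2 connection preface with a SETTINGS frame, which helps distinguish a protocol mismatch like the one reported above from a real finding. It assumes prior-knowledge cleartext HTTP/2 (over TLS the protocol is chosen by ALPN instead); `classify_first_bytes`, `probe_h2c` and `start_toy_server` are hypothetical names, and the toy server is a constructed stand-in for a target.

```python
import socket
import threading

# RFC 9113 client connection preface, followed by an empty SETTINGS frame
# (length=0, type=0x4, flags=0, stream=0).
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
EMPTY_SETTINGS = b"\x00\x00\x00\x04\x00\x00\x00\x00\x00"

def classify_first_bytes(head: bytes) -> str:
    """Classify the first bytes a server sends back after the h2 preface."""
    if head.startswith(b"HTTP/1."):
        return "http/1.x"            # server treated the preface as HTTP/1 and replied in kind
    if len(head) >= 9:
        frame_type = head[3]         # 9-byte frame header: length(3) type(1) flags(1) stream(4)
        stream_id = int.from_bytes(head[5:9], "big") & 0x7FFFFFFF
        if frame_type == 0x4 and stream_id == 0:
            return "h2"              # server preface: SETTINGS on stream 0
    return "unknown"

def probe_h2c(host: str, port: int, timeout: float = 3.0) -> str:
    """Send the cleartext HTTP/2 preface and classify the reply."""
    head = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(PREFACE + EMPTY_SETTINGS)
            while len(head) < 9:
                chunk = s.recv(9 - len(head))
                if not chunk:
                    break
                head += chunk
    except OSError:
        pass                         # reset or timeout: classify whatever arrived
    return classify_first_bytes(head)

def start_toy_server(reply: bytes) -> int:
    """Constructed stand-in target: accept one connection, read, send `reply`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)
            conn.sendall(reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_h2c("127.0.0.1", start_toy_server(EMPTY_SETTINGS)))                       # h2
    print(probe_h2c("127.0.0.1", start_toy_server(b"HTTP/1.1 400 Bad Request\r\n\r\n")))  # http/1.x
```

A result of `unknown` means the server closed the connection or sent something other than a SETTINGS frame or an HTTP/1 status line.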