blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0
1.08k stars 78 forks

Fix auth #115

Closed DeliciousBounty closed 1 year ago

DeliciousBounty commented 1 year ago

Hey, I fixed authentication and made some changes in auth.rs and conf.rs, in response to my issue #109.

DeliciousBounty commented 1 year ago

@GuyL99, I did not forget to implement the custom auth type. Actually, cherrybomb supports four types of authentication: basic, bearer, header, cookie. You can see in https://github.com/blst-security/cherrybomb/blob/fix_auth/cherrybomb-engine/src/scan/active/http_client/auth.rs that all of them are implemented (see the "from_parts" function).

GuyL99 commented 1 year ago

Why not include custom then?

DeliciousBounty commented 1 year ago

Raz called it header type instead of custom; it works the same way. The user provides a header and value.

GuyL99 commented 1 year ago

Custom can be delivered by query or payload as a parameter...

DeliciousBounty commented 1 year ago

> Custom can be delivered by query or payload as a parameter...

@RazMag I get it. So actually the new cherrybomb CLI does not include custom authentication. I implemented authentication according to the new CLI. Maybe open an issue for it?
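The distinction debated in this thread, as an added Rust example that is not part of the thread or of cherrybomb's code: it shows that basic, bearer, header and cookie credentials all travel in a request header, while a credential delivered as a query parameter needs its own placement. `Slot`, `place`, the `query` type name and the option strings are hypothetical and constructed for illustration.

```rust
// Added illustration: all names are hypothetical, not taken from cherrybomb's auth.rs.
#[derive(Debug, PartialEq)]
enum Slot {
    Header(String, String), // header name, header value
    Query(String, String),  // parameter name, parameter value
}

// Standard base64 with padding, needed for the Basic scheme (RFC 7617).
fn b64(data: &[u8]) -> String {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let mut out = String::new();
    for c in data.chunks(3) {
        let n = (c[0] as u32) << 16
            | (*c.get(1).unwrap_or(&0) as u32) << 8
            | *c.get(2).unwrap_or(&0) as u32;
        for i in 0..4 {
            // A chunk of k bytes yields k + 1 symbols; the rest is padding.
            out.push(if i <= c.len() { T[(n >> (18 - 6 * i) & 63) as usize] as char } else { '=' });
        }
    }
    out
}

// Decide which part of the request carries a credential of the given type.
// `value` is "user:pass", a token, "Name: value", a cookie string or "name=value".
fn place(kind: &str, value: &str) -> Result<Slot, String> {
    let pair = |sep: char| {
        value
            .split_once(sep)
            .map(|(a, b)| (a.trim().to_string(), b.trim().to_string()))
            .ok_or_else(|| format!("{} expects <name>{}<value>", kind, sep))
    };
    let auth = |v: String| Slot::Header("Authorization".to_string(), v);
    match kind {
        "basic" => pair(':').map(|_| auth(format!("Basic {}", b64(value.as_bytes())))),
        "bearer" => Ok(auth(format!("Bearer {}", value))),
        "header" => pair(':').map(|(n, v)| Slot::Header(n, v)),
        "cookie" => Ok(Slot::Header("Cookie".to_string(), value.to_string())),
        // The "custom" case raised in the thread: the credential travels in the URL.
        "query" => pair('=').map(|(n, v)| Slot::Query(n, v)),
        other => Err(format!("unknown auth type: {}", other)),
    }
}

fn main() {
    for (k, v) in [("basic", "user:pass"), ("header", "X-Api-Key: k1"), ("query", "api_key=k1")] {
        println!("{:<7} -> {:?}", k, place(k, v));
    }
}
```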

RazMag commented 1 year ago

Merged with dev, will be added to main in 1.0.1