Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
@RazMag
I am writing an active check function, trying to modify the protocol of https to http or modify the port to 80. But it seems that the attack builder build the request directly from the OAS ,
No matter what you put into the .uri the AttackRequest::builder will build the request with the protocol of the OAS.
pub async fn check_ssl(&self, auth: &Authorization) -> CheckRet { let mut ret_val: Vec<(ResponseData, AttackResponse)> = vec![]; let mut attack_log: AttackLog = AttackLog::default(); if let Some(server_url) = self.oas.servers() { for i in server_url { let format_url = create_http_url(i.url); let req = AttackRequest::builder() .uri(&format_url, "") .auth(auth.clone()) .build(); if let Ok(res) = req.send_request(true).await { //logging request/response/description attack_log.push(&req, &res, "Testing min/max values".to_string()); let res_data = ResponseData { location: new_url, alert_text: format!("The is not enforced by the server"), }; ret_val.push((res_data, res.clone())); println!( "{}:{}", "Status".green().bold(), res.status.to_string().magenta() ); } else { println!("REQUEST FAILED"); } } }
@RazMag I am writing an active check function, trying to modify the protocol of https to http or modify the port to 80. But it seems that the attack builder build the request directly from the OAS , No matter what you put into the .uri the AttackRequest::builder will build the request with the protocol of the OAS.
pub async fn check_ssl(&self, auth: &Authorization) -> CheckRet { let mut ret_val: Vec<(ResponseData, AttackResponse)> = vec![]; let mut attack_log: AttackLog = AttackLog::default(); if let Some(server_url) = self.oas.servers() { for i in server_url { let format_url = create_http_url(i.url); let req = AttackRequest::builder() .uri(&format_url, "") .auth(auth.clone()) .build(); if let Ok(res) = req.send_request(true).await { //logging request/response/description attack_log.push(&req, &res, "Testing min/max values".to_string()); let res_data = ResponseData { location: new_url, alert_text: format!("The is not enforced by the server"), }; ret_val.push((res_data, res.clone())); println!( "{}:{}", "Status".green().bold(), res.status.to_string().magenta() ); } else { println!("REQUEST FAILED"); } } }