matusf / openapi-fuzzer

Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
GNU Affero General Public License v3.0

Question about disabling some params' mutations #26

Closed lipeng28 closed 1 year ago

lipeng28 commented 1 year ago

Hi there, is it possible for openapi-fuzzer to disable the mutation of some specific params? Because these params are set through headers. Thanks, Peng

matusf commented 1 year ago

Hi, I'm not sure I follow you. Could you please explain in more detail? Or give an example? If you specify extra headers via the -H flag, the field will not take any other value than the supplied header (i.e. it will not be mutated).

lipeng28 commented 1 year ago

Yes, what I meant is this. If the value of a variable is provided through the -H flag, the fuzzer won't mutate this variable any longer.

lipeng28 commented 1 year ago

Hi @matusf, I tried an example and found that a variable specified through the -H option still got mutated. Do you have any idea about it? The detailed information is shown below:

"headers": [
  [
    "tenant-key",
    "xxx"
  ],
  [
    "open-id",
    "xxx"
  ]
],
"method": "GET",
"path": "/open-apis/merge/v1/account_token",
"path_params": [],
"query_params": [
  [
    "tenant-key",
    "󳅯𰫘󿸋󛙭򊴏򕑸񄋣󀽡򛕰쏿󢡾򀔌󂈧񿇘񠀄򤛎񦴵𘯴󢙞𘉞𧧕񭾛񘕍񅶘󝷫􃷭󓚿󣧡󖤕񬒑򦯒􂌯򔏋񸾋󞶗􍹱󲚢򉙤򌯗􈒵󄽝􏶵򐕨󈟲󸻚񈌫𜮃𣾆򘚢󂺥񃭒󰏽򯛥폒򢙥񈢇񩟖𵒏񌭙򎗟󔆸򊷅򏿌񳱢򖉔򬇾剹񳂝𘜑򂅕򤀹󕉋𱧘𭣃򍒞񅃪󨸀𼽼򞧌򑅸𵮫񺢜󐟪𩩕򥔴󫭠񹤣𻥔򹙒󩹊񊠖򭠈𺒯𜏈󧍵󌈅񑄢쯻򛏓򿼝򲌙𵅞񐤽򏱴򂠳򡉋𢚧󾋪񪮠򛪫󞧠𦨉񷡨񵷿󋍢𞻭󑧈𯓠쉱󚼆󝃧􀹘󊩾𻆲󀦲񗳝򾤧򔴌􇉒򩹞򐮮󞤦򠄕𕭢񴌜񺅬󒓡󼬤𙟤𰈌󜨙𛳈􌠻񤻬񕴽񑻨𔳢𹩱󫏿󌰓򿀍򊑞񎼨򿃈󕨭򅓲񃟖󴮩󶇖񹕝𗮧󇻮𮳇񍀎俤𖂙򝲅񈗏񃤢󀈣򲯵񨄅򧒜򃁏󋊁񝠃񰩆񉈘򞣐𔚕򅶞񝻌򺍮𪳧󍰍򎈝𝞑򰶙󈖑󀶨𿆓򧫺򈊁󹐕򁲃򬅑󴼲簜󌩵򟏋򁪽񇩄󂃬㌍姉􊫏󬂲󐢨񶺅𒐱󥕟򉧙ꙍ𤤠𤮿󡿖𺠕󂘨񈆼񌓵⥺𳕻𒂄񮖶𧮸񱏅򜥏򘔣󃂟򃵝𷄞񀗤񠻃𪷯󚗘󃏖򄯭񵺶>𸎊𧤂򴇬򐎖󺓙󒦅𤆣񔅖򂁋򻓦𱂧𥐠򰑐򓓦򄒫󮹞򧨊򚄴󢙆񹘕󷰫򼵦󓅯󉻚󥱳󽇝򤹹򐋥񋪋󝺨򁦹ކ𨯻񴮲𛵬󘥕񰅵񖛩ꮨ󩽿񑥍𖧯񾟵緓񽙨󵠯񑖚񉃿񴦵򃾫򩉹򟋯󮆠񠸑򘌮𶢡񕺨􌜀񉷞􁥝󙶰񕄡򳿽򼂷򳘅𾫅𨋿􍅈񈾚󫯚𧉹󗶽󜣥񎭂򁉹򕍒󃰥񘆬󣛁򫇶񟯑胓󴑍󍙌𩩢򭼐񾫊⩂𒣇򠜙󇐗򡊣񮜅𸼪𼥴􋒓񟮕񐲴𮔆󘾘𙫏񤩅򪟨񰺣𞌤򅹐򚷺򏸴򅥊򏓆񷝇󱽊𬸻򉎌𙆉󑀜𤱸򚬚𹌋󪗪늌𩇞>𼀻𨝾񙂽󪭏񶷉񆱂󙴭񋂍󻚣􉞃􄞥󡭿𺙱򞋴柧򲎨𞝿񊲇񥑄񌎶򀬈񵌘🚺򕋜򺃚񘟟𨎻𚐡󖭗򗺈񺌅𵬳󥳮񜢫󡄝񯩤󞶫🻉򂺞񦝝忤󽯯󉍦򯱎󙺉򢠂񭃤󵔛򔕓򖄡𬆽򎴩ꍆ􃂉򌻂򠋢𦳰񲬞񿁿󫼚𺙾𐴻󨬵񞸣󣠹񯎁󓳞񲯖𓆴򙍿񋇖󁝘򂪿𶏎񮆥񜂷𚩥󫢀轝򵩧󬰊죽󋙔񓳚򆫏􉦥𑦗𞭔럲񈔰𵵼򯱦􉝺򷢅򔘺􎨷𤈗򚫅羕󡂭򹡎󇾵𐔀🤳𷻅󧢡򜣩񙽜򾔰򱔆󎷢򰩦񜯝򓏠𔩅񷡘𘊄󘺞񖟃񗞘ꇗ>𼨽񀛳񣮎򅓄󬠥🿚𠻃𱬳𹒙񔼯󫉹󐍗򷶾򿇯􁋢򻣿򕾂򛝽񵚳󷊦𛦓񛖧򧳅򊁱򍡸󖝈𮎓𰩣󌷽󀂯󻚍񦬑􉵟󩼖򖽥񮸄񿫆󲽟󁌻򒳣􋇊񁑺𑍌򡠬󔊼󔸵𩢸𖸐𫝞󛡛󠷼𥡦󤅿𚮘򶾩񇼎󢮕󒬞񅧙𿓘򫷆󴠍𮯭󿥮򴂃񠜧𾭖򣄏󳙽􉪆󰠅񑼘񅗍󾸧򼋀񖈽𘃂􆙼𓹎򅭴󇅅𜇟𒆑󐯍𺩔𷊋񣅌𨜫򓖖ᙄ򯿮񇝽𲽌򢹒񥑒󠋲򕡰񞲓󈱺񷎾񻒯󡷕􌥔𠹔𝥧󁟮瘫񫯱𨮲򪖴𾻭򾴾󣒨󊚀񨚓󞔱𿩧󅇓󔝈񩯇𨽙

򝤓𺯺鎶񎭟򝯔򏵻򊐆򤛎򼟫𪻤󦦍𝚟򼫮񜱺񤹸򣆟𙖖𙁟򣎺󹉇󶶃򔱔񌘖񛺇񑼺𒛸񺼎􆝉󀏐󫰑𧟞𦰣򏕶򘖆𥓣򗨝󣬔񛔏񪇧􋁸󥎬񺃜񱿐􏡿󥴨盄󵦡𞪎𺽤􍳱񘕃򶋱𕜜򟛉񪨕񢘿󘁇񒞨񎋘􁷢򵚽𫯣𰮆𻷈󒶵򸍾򸎟𪃾򧃠ࢨ􁈐󼐞򚐄򑩛󂕞󟩽𯕹🌩 񡺈񫳼󍬭񉁴𢊆򣝬񪣒𳊡⽭𫎉򣊻򵤬򫭽󻹤􌓔𻌅򹴑󇸦񒝦󙧻򞼺񃙄𭻥񗵮򖰍򑗘񼪤󌭛󰫳𾨢󷚅񷿈񳜡򜔛񿇂󣣥򬡛񂢷𯞄񄰓􈬗󌽾򊯌𡯛 󽀲򿠋򿂔񟬤󞂥𧍼𙾪𕾉𶱊𩤜󪧄𡬐󡁏򛄅ㄗ􈃢񧇫񕰤񈾾􍳓򽃑򋨄򇕝󙫼򇜱𬻳򫰆򻽪𸩍񖕄𑚟򔫍񽬄򾂋󐤵򯯴򭖵򻰤􃙎񾺶򬟖񟟄򸞤򣄛򱵉蘻󙐕󛈚󢼽񧺥񤮈򬂰򄸶񢩂􊿙񹣫򝡅򱧂򫺓𜋎🨋򗚴󎝑򁃴򼡩򞷱򨣋󜸈󓸨򈟩𴨐✣󇥦񻹤񶉢𛵙󪼃걝򪛍񖵉򺆦󁹫󽛟𽰯􎎒󅜾􄜃򥴢򎓼򨂄򂼛󍄠𔖌򨆘掊﹃󶌽𿏸򽽇𐊪𼙬𐞫󣌚򼀺𬱲񦸛񱗘򟁤坹𔌢򁡻󼈜󍎣𺧽񶽸𠛰쎝򣩳𔁯𥁴󒭔񘶥򆽫𻺍񛣵𓴂󧷂񳝌򄿧㋳񊸐򊫅󉕹񎿥󝺂򚅆􏚑񑅏𜥓񸶤򾓒񚮧󀪰𧨧󎋵𫙂򒯽򋳂􂂞󕂔򰘉ꋫ񌘴񬓗񓜉񠓃񒩟񍂖𽦰񋵎󱇭𲂮񯙭󯲗򥳱񾋜󄸣󹗊񯶑󖞿򚗴񅌂󎕭󧩋򥝷򱻻񟪁򥱶𚫱󌤙񻷒򵜟" ] ],

matusf commented 1 year ago

Thanks for the example. I see that the mutated parameter is a query string. The -H option is only for specifying headers. Currently there is no way to override / specify a query string parameter.
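The point above is that OpenAPI identifies a parameter by name plus location, so -H pins only the header named tenant-key while a query parameter of the same name stays mutable. The following is an added example (not code from the issue or from openapi-fuzzer): the spec fragment, the report structure and the function names classify_params and name_collisions are constructed to mirror the request shown above.

```python
from typing import Dict, List

# Constructed OpenAPI 3 fragment: "tenant-key" is declared both as a header and
# as a query parameter (OpenAPI identifies a parameter by name + location).
SPEC = {
    "paths": {
        "/open-apis/merge/v1/account_token": {
            "get": {
                "parameters": [
                    {"name": "tenant-key", "in": "header", "required": True},
                    {"name": "open-id", "in": "header", "required": True},
                    {"name": "tenant-key", "in": "query", "required": False},
                ]
            }
        }
    }
}

def classify_params(spec: dict, extra_headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Split every parameter into 'pinned' (a header supplied via -H, so it is
    never mutated) and 'mutable' (everything else, including a query or path
    parameter that merely shares its name with a pinned header)."""
    pinned, mutable = [], []
    supplied = {k.lower() for k in extra_headers}  # header names are case-insensitive
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            for p in op.get("parameters", []):
                label = f"{method.upper()} {path} {p['in']}:{p['name']}"
                if p["in"] == "header" and p["name"].lower() in supplied:
                    pinned.append(label)
                else:
                    mutable.append(label)
    return {"pinned": pinned, "mutable": mutable}

def name_collisions(report: dict) -> List[str]:
    """Given a fuzzer request report ('headers' / 'query_params' lists of
    [name, value] pairs, as posted in the issue), return names present in both
    locations with different values: the header is pinned, the query copy mutated."""
    headers = {k.lower(): v for k, v in report.get("headers", [])}
    return sorted(k for k, v in report.get("query_params", [])
                  if k.lower() in headers and headers[k.lower()] != v)

# Constructed report shaped like the one posted above (mutated value shortened).
REPORT = {
    "headers": [["tenant-key", "xxx"], ["open-id", "xxx"]],
    "method": "GET",
    "path": "/open-apis/merge/v1/account_token",
    "query_params": [["tenant-key", "\u0007\ufffd-random-mutation"]],
}
```

Running name_collisions(REPORT) returns ["tenant-key"], which is exactly the symptom reported: the header copy kept "xxx" while the query copy was fuzzed.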

lipeng28 commented 1 year ago

What do you mean by query string? i.e., -H "tenant-key: xxx"? From the developers' description, -H also provides the headers.