Closed lipeng28 closed 1 year ago
Hi, I'm not sure I follow you. Could you please explain in more detail? Or give an example? If you specify extra headers via the -H
flag, the field will not take any other value than the supplied header (i.e. it will not be mutated).
Yes, what I meant is this. If the value of a variable is provided through -H flag, fuzzers won't mutate this variable any longer.
Hi, I'm not sure I follow you. Could you please explain in more detail? Or give an example? If you specify extra headers via the
-H
flag, the field will not take any other value than the supplied header (i.e. it will not be mutated).
Hi @matusf I tried a example, and found that a variable specified through -H option still got mutated, do you have any ideas about it? The detailed information is shown below:
"headers": [
[
"tenant-key",
"xxx"
],
[
"open-id",
"xxx"
]
],
"method": "GET",
"path": "/open-apis/merge/v1/account_token",
"path_params": [],
"query_params": [
[
"tenant-key",
"𰫘쏿𘯴𘉞𧧕𣾆폒剹𘜑𱧘𭣃𩩕쯻𢚧𦨉쉱𰈌𗮧俤𪳧𝞑簜㌍姉𒐱ꙍ𤤠𤮿⥺𒂄𧮸𪷯>𧤂𤆣𱂧𥐠ކ𨯻ꮨ𖧯緓𨋿𧉹胓𩩢⩂𮔆𬸻𤱸늌𩇞>𨝾柧🚺𨎻忤𬆽ꍆ𦳰𓆴轝죽럲𤈗羕𐔀🤳𘊄ꇗ>𠻃𱬳𮎓𰩣𑍌𩢸𫝞𥡦𘃂𒆑𨜫ᙄ𠹔𝥧瘫𨮲𨽙
鎶𪻤𝚟𧟞𦰣𥓣盄𫯣𰮆𪃾ࢨ🌩 𢊆⽭𫎉𭻥𡯛 𧍼𩤜𡬐ㄗ𬻳𑚟蘻🨋✣걝𔖌掊﹃𐊪𐞫𬱲坹𠛰쎝𥁴㋳𧨧𫙂ꋫ𲂮" ] ],
Thanks for the example. I see that the mutated parameter is a query string. The -H
option is only for specifying headers. Currently there is no way to override / specify a query string parameter.
What do you mean query string? i.e., -H "tenant-key: xxx"? From the description of developers, -H also provides the headers.
Hi There Is that possible for openapi fuzzer to disable the mutation of some specific params? Because these params are set through headers. Thanks Peng