microsoft / restler-fuzzer

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
MIT License
2.59k stars 296 forks

refresh token script and custom payload header #641

Open naz25msr opened 2 years ago

naz25msr commented 2 years ago

Description

How to add a custom payload header that is used for authorization?

marina-p commented 1 year ago

Hello @naz25msr,

Apologies for the delay in responding. Is your goal to specify a static header with a value? If yes, add the following to the dictionary (at compilation time):


```json
"restler_custom_payload_header": {
  "header_name": ["header_value"]
}
```

This will inject the specified header into each request. This is treated like any header; there is no specialized logic for authorization. In particular, one current limitation of this approach is that the header value will not be filtered from the logs.

Thanks,

Marina
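
Because the header value is not filtered from the logs, one option is to scrub log files before they are shared or archived. The following is an added example, not code from this thread or from the RESTler project: the header name `X-Api-Auth`, the token value, and the sample log text are constructed, and the log layout is an assumption rather than RESTler's documented format.

```python
import json
import re

# Constructed dictionary fragment using the key from the reply above;
# the header name and token value are made-up sample data.
SAMPLE_DICT = json.dumps({
    "restler_custom_payload_header": {
        "X-Api-Auth": ["s3cr3t-token-value"]
    }
})

# Constructed log text (assumed layout, not real RESTler output): headers
# separated by escaped "\r\n" on one line, and by real newlines.
SAMPLE_LOG = (
    "Sending: 'GET /items HTTP/1.1\\r\\nAccept: application/json\\r\\n"
    "X-Api-Auth: s3cr3t-token-value\\r\\nHost: localhost\\r\\n\\r\\n'\n"
    "x-api-auth: s3cr3t-token-value\n"
    "note: replayed with s3cr3t-token-value\n"
)

def load_custom_headers(dictionary_text):
    """Return {header_name: [values]} from restler_custom_payload_header."""
    data = json.loads(dictionary_text)
    section = data.get("restler_custom_payload_header") or {}
    return {name: [str(v) for v in values] for name, values in section.items()}

def redact(log_text, headers, mask="[REDACTED]"):
    """Mask custom header values wherever they appear in log_text."""
    for name, values in headers.items():
        # 1) Mask the known literal values anywhere (headers, bodies, notes).
        for value in values:
            if value:
                log_text = log_text.replace(value, mask)
        # 2) Mask whatever follows "name:" up to a real or escaped line break,
        #    so a value that was rotated since the dictionary was written
        #    is caught as well. Header names match case-insensitively.
        pattern = re.compile(
            r"(?i)(" + re.escape(name) + r"[ \t]*:[ \t]*)(.*?)(?=\\r|\\n|\r|\n|$)"
        )
        log_text = pattern.sub(lambda m: m.group(1) + mask, log_text)
    return log_text

if __name__ == "__main__":
    print(redact(SAMPLE_LOG, load_custom_headers(SAMPLE_DICT)))
```

Run it over a copy of the log directory rather than in place, so the original logs remain available for debugging under tighter access control.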