Some APIs always return same response status code and use empty response to tell from a error or from data not being found.
I'm thinking that the best way to work with this kind of endpoints is to have a exact --ignore-string flag which tests if the response body is exactly what is given.
Example rustbuster fuzz --ignore-exact "" -w wordlist.txt -u http://localhost:8000/api?field=FUZZ
A option to see response sizes in bytes like wfuzz gives also would address this use case when combined with grep by the user.
Some APIs always return same response status code and use empty response to tell from a error or from data not being found.
I'm thinking that the best way to work with this kind of endpoints is to have a exact
--ignore-stringflag which tests if the response body is exactly what is given.Example
rustbuster fuzz --ignore-exact "" -w wordlist.txt -u http://localhost:8000/api?field=FUZZA option to see response sizes in bytes like
wfuzzgives also would address this use case when combined withgrepby the user.