rohanpadhye
commented
4 years ago I've never tried it, but it can work. As long as your REST APIs are implemented in Java, you can write a test driver that invokes various API endpoints. If you want to fuzz a sequence of API calls, then you will need to write a test driver that takes in a list of HTTP requests.
You can check out the tutorial for fuzzing a compiler, which gives you a way of fuzzing some application that takes in string input using a custom generator. You can then modify this to fuzzing a REST endpoint and change the generator from JavaScript to HTTP or whatever format your API endpoint accepts.
I'd also like to point you to RESTler, which is a dedicated REST API fuzzer.
larkinscarvalho
Hi @rohanpadhye,
Can we test REST API's using JQF Fuzzer? If yes, can you please point me to the documentation or some example application?
Thanks! Lark