Forum Discussion

GuyTester's avatar
GuyTester
New Contributor
6 years ago

Parameter values not entering Security Test

Cross-posting from https://stackoverflow.com/q/59442082/8180615

 

Step in question has properties like this:

"firstName": "${firstName}",
"lastName": "${lastName}",
"displayName": "${displayName}",
etc.

I tested this by running the test step itself, setting the first name property to "fff". The HTTP log showed that "fff" was sent, so no problem with the test step.

In my fuzzing scan, I selected all of the properties I want to "fuzz": enter image description here

I was expecting that each fuzzed request would replace "firstName" with a random string, but what I am seeing instead is that every request has all of the fields blank.

Sun Dec 22 08:10:34 IST 2019:DEBUG:>> "  "firstName": "",[\n]"
Sun Dec 22 08:10:34 IST 2019:DEBUG:>> "  "lastName": "",[\n]"
Sun Dec 22 08:10:34 IST 2019:DEBUG:>> "  "displayName": "",[\n]"

How do I get the fuzzing to be applied to my properties?

From the on-line documentation:

The Fuzzing Scan does just as described above; it generates totally random input for the specified request parameters for a specified number of requests, hoping to provoke some kind of unexpected . By default the generated values will be between 5 and 15 characters in lenght and mutated 100 times