Ask a Question
Log In / Sign Up
Resources
Ask a Question
Log In Sign Up

Fuzzing Scan: manipulate REST body between iterations

SOLVED
Solved
NikosG
Occasional Contributor
‎08-22-2019 07:56 AM
‎08-22-2019 07:56 AM

Fuzzing Scan: manipulate REST body between iterations

Hi

 

I wonder if during fuzzing scan one could manipulate the values in the JSON request body between each request.

Let's suppose that the basic POST request is something like the following

{

"id":id,

"data":"actual data targetted by scan"

}

The problem in my case is that the id has to be unique.

I would like to be able to set the id part to a different value. Something like <prefix>_<autoincrement value> so that the ids in each POST sent during the fuzzing scan are unique. For example { "id":"Prefix_1", "data":"fuzzing scan value 1"}, { "id":"Prefix_2", "data":"fuzzing scan value 2"} and so on. 

0 Kudos
3 REPLIES 3
richie
Community Hero
Community Hero
‎08-24-2019 11:12 AM
‎08-24-2019 11:12 AM

Hi @NikosG,

I don't know much about the different scan options in the sec component, but it appears from your post, you just want unique values for your id attribute....otherwise hardcoding the value will just result in your POST updating the existing record rather than creating a new record (if your POST method supports both create and update).

I use several options to support dynamic values in my tests, depending on the field length of my id attribute.

If the id field supports GUID lengths then you can replace your hardcoded value with

'${=java.util.UUID.randomUUID()}'

Which will generate GUID value such as '749ea0d5-ebe8-4f96-85c0-6e1121cbb8a9'

Or you if your id supports say just 13 digits you could use the following:

'${=System.currentTimeMillis()}'

Which generates the current time value into a milliseconds value such as '1566669888473'

I've also used a date generator (when i knew the test would never be executed > once per day with only 10 digits length to use such as

'${=(new Date().format('dd-MM-yyyy'))}'

Which generates a value such as '24-08-2019'

Does that help?
Cheers,

Rich
if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
0 Kudos
richie
Community Hero
Community Hero
In response to richie
‎08-25-2019 08:42 PM
‎08-25-2019 08:42 PM

Hi @NikosG,

I just re-read your original message and i think you state you want to concatenate a prefix to your dynamic value?

So as per the detail below for your dynamic values, you could add in a prefix to concatenate so say for testcase1 your id attribute value could be as follows:

'TestCase1_${=System.currentTimeMillis()}'

This would generate the following in your published .json

"Id" : "TestCase1_1566669888473"

Cheers,

Rich
if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
NikosG
Occasional Contributor
In response to richie
‎08-27-2019 03:48 AM
‎08-27-2019 03:48 AM

Hi @richie 

 

Thanks for the hint, I played around a bit and it worked like a charm.

 

regards

Nikos

0 Kudos
Subscribe
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: