Fuzzing Scan: manipulate REST body between iterations

Occasional Contributor

Hi

I wonder if, during a fuzzing scan, one could manipulate the values in the JSON request body between each request.

Let's suppose that the basic POST request is something like the following:

{
  "id":id,
  "data":"actual data targeted by scan"
}

The problem in my case is that the id has to be unique.

I would like to be able to set the id part to a different value. Something like <prefix>_<autoincrement value> so that the ids in each POST sent during the fuzzing scan are unique. For example { "id":"Prefix_1", "data":"fuzzing scan value 1"}, { "id":"Prefix_2", "data":"fuzzing scan value 2"} and so on. 

1 ACCEPTED SOLUTION
Community Hero

Re: Fuzzing Scan: manipulate REST body between iterations

Hi @NikosG,

I just re-read your original message and I think you state you want to concatenate a prefix to your dynamic value?

So as per the detail below for your dynamic values, you could add in a prefix to concatenate so say for testcase1 your id attribute value could be as follows:

'TestCase1_${=System.currentTimeMillis()}'

This would generate the following in your published .json

"Id" : "TestCase1_1566669888473"

Cheers,

Rich
If this helped answer the post, could you please mark it as 'solved'? Also, could you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the title of the post to something more descriptive? This will help people when searching for problems.
3 REPLIES
Community Hero

Re: Fuzzing Scan: manipulate REST body between iterations

Hi @NikosG,

I don't know much about the different scan options in the sec component, but it appears from your post that you just want unique values for your id attribute... otherwise hardcoding the value will just result in your POST updating the existing record rather than creating a new record (if your POST method supports both create and update).

I use several options to support dynamic values in my tests, depending on the field length of my id attribute.

If the id field supports GUID lengths then you can replace your hardcoded value with

'${=java.util.UUID.randomUUID()}'

Which will generate a GUID value such as '749ea0d5-ebe8-4f96-85c0-6e1121cbb8a9'

Or if your id supports, say, just 13 digits, you could use the following:

'${=System.currentTimeMillis()}'

Which generates the current time value into a milliseconds value such as '1566669888473'

I've also used a date generator (when I knew the test would never be executed more than once per day), with only 10 digits length to use, such as

'${=(new Date().format('dd-MM-yyyy'))}'

Which generates a value such as '24-08-2019'

Does that help?
Cheers,

Rich
Occasional Contributor

Re: Fuzzing Scan: manipulate REST body between iterations

Hi @richie

Thanks for the hint, I played around a bit and it worked like a charm.


regards

Nikos
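
An added example, not code from the thread or from the tool vendor: plain Groovy showing the <prefix>_<autoincrement> scheme asked for in the question next to the millisecond-timestamp ids from the replies, which repeat whenever two request bodies are built within the same millisecond. IdSequence and the sample fuzz values are constructed for illustration; the script uses only the JDK and groovy.json and does not show how to wire the id into a scan.

```groovy
import groovy.json.JsonOutput
import java.util.concurrent.atomic.AtomicLong

// Hypothetical helper, not part of ReadyAPI: hands out <prefix>_<n> ids.
// AtomicLong keeps the sequence duplicate-free even if request bodies
// are built from several threads.
class IdSequence {
    private final String prefix
    private final AtomicLong next

    IdSequence(String prefix, long start = 1) {
        this.prefix = prefix
        this.next = new AtomicLong(start)
    }

    String nextId() {
        return prefix + '_' + next.getAndIncrement()
    }
}

// Constructed stand-ins for the values a fuzzing scan would put into "data".
def fuzzValues = ['A' * 64, '', '{"nested":true}', '-1', ' leading space']

// One body per iteration: the id changes, "data" carries the fuzz value.
def seq = new IdSequence('Prefix')
def bodies = fuzzValues.collect { value ->
    JsonOutput.toJson([id: seq.nextId(), data: value])
}
bodies.each { println it }

// Compare with the timestamp ids from the replies, generated back to back.
int n = 1000
def counterIds = (1..n).collect { seq.nextId() }
def timestampIds = (1..n).collect { 'TestCase1_' + System.currentTimeMillis() }

println "counter ids, distinct:   ${counterIds.toSet().size()} of ${n}"
println "timestamp ids, distinct: ${timestampIds.toSet().size()} of ${n}"
```

The counter line always reports 1000 of 1000, while the timestamp line typically reports far fewer. On an endpoint where POST both creates and updates, each repeated id overwrites an earlier record instead of creating a new one.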
