I am attempting to run a Secure test against a REST service. It is a POST request and all data is passed in the body. I have set up a number of variable substitutions in the body and am referencing those in the Secure test setup so that they can be manipulated.
When I try to run the Secure test, the transaction log seems to show the parameters being changed for Fuzzing Scan, SQL Injection, etc. However, the request that goes out uses the original parameter values as defined in the test case. Has anyone else seen this?