NikosG
6 years ago

Fuzzing Scan: manipulate REST body between iterations

Hi

I wonder if, during a fuzzing scan, one could manipulate the values in the JSON request body between each request.

Let's suppose that the basic POST request is something like the following

    {
      "id":id,
      "data":"actual data targeted by scan"
    }

The problem in my case is that the id has to be unique.

I would like to be able to set the id part to a different value. Something like <prefix>_<autoincrement value> so that the ids in each POST sent during the fuzzing scan are unique. For example { "id":"Prefix_1", "data":"fuzzing scan value 1"}, { "id":"Prefix_2", "data":"fuzzing scan value 2"} and so on. 

  • richie
    Hi NikosG,

    I don't know much about the different scan options in the sec component, but it appears from your post that you just want unique values for your id attribute... otherwise hardcoding the value will just result in your POST updating the existing record rather than creating a new record (if your POST method supports both create and update).

    I use several options to support dynamic values in my tests, depending on the field length of my id attribute.

    If the id field supports GUID lengths then you can replace your hardcoded value with

    '${=java.util.UUID.randomUUID()}'

    Which will generate a GUID value such as '749ea0d5-ebe8-4f96-85c0-6e1121cbb8a9'

    Or if your id supports, say, just 13 digits, you could use the following:

    '${=System.currentTimeMillis()}'

    Which generates the current time as a milliseconds value such as '1566669888473'

    I've also used a date generator (when I knew the test would never be executed > once per day, with only 10 digits length to use), such as

    '${=(new Date().format('dd-MM-yyyy'))}'

    Which generates a value such as '24-08-2019'

    Does that help?
    Cheers,

    Rich
    • richie
      Hi NikosG,

      I just re-read your original message and I think you state you want to concatenate a prefix to your dynamic value?

      So as per the detail below for your dynamic values, you could add in a prefix to concatenate so say for testcase1 your id attribute value could be as follows:

      'TestCase1_${=System.currentTimeMillis()}'

      This would generate the following in your published .json

      "Id" : "TestCase1_1566669888473"

      Cheers,

      Rich
      • NikosG

        Hi richie

        Thanks for the hint, I played around a bit and it worked like a charm.

        regards

        Nikos
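
An added example, not code from any of the posts above and not SoapUI/ReadyAPI code: a stand-alone Python model of the two id schemes discussed in this thread (the `Prefix_<autoincrement>` form from the question and the `TestCase1_<millis>` form from the answer), with a check for repeated ids across the generated request bodies. The payload strings and the `fake_clock` helper are constructed for illustration; the clock is stepped at half a millisecond to model a scan that sends two requests within the same millisecond.

```python
import itertools
import json
from collections import Counter


def counter_ids(prefix):
    """Yield Prefix_1, Prefix_2, ... (the scheme asked for in the question)."""
    for n in itertools.count(1):
        yield f"{prefix}_{n}"


def timestamp_ids(prefix, clock_ms):
    """Yield <prefix>_<millis>, the shape produced by the timestamp expression."""
    while True:
        yield f"{prefix}_{clock_ms()}"


def build_bodies(payloads, ids):
    """Pair each fuzz payload with the next id and serialise the JSON body."""
    return [json.dumps({"id": next(ids), "data": p}) for p in payloads]


def duplicate_ids(bodies):
    """Return the ids that appear in more than one request body."""
    seen = Counter(json.loads(b)["id"] for b in bodies)
    return sorted(i for i, n in seen.items() if n > 1)


def fake_clock(start_ms, step_ms):
    """Constructed clock: advances step_ms per call, truncated to whole ms."""
    ticks = itertools.count()
    return lambda: int(start_ms + next(ticks) * step_ms)


# Constructed payloads standing in for the values a fuzzing scan would inject.
PAYLOADS = [f"fuzzing scan value {n}" for n in range(1, 7)]


def demo():
    by_counter = build_bodies(PAYLOADS, counter_ids("Prefix"))
    clock = fake_clock(1566669888473, 0.5)  # two requests per millisecond
    by_time = build_bodies(PAYLOADS, timestamp_ids("TestCase1", clock))
    return duplicate_ids(by_counter), duplicate_ids(by_time)


if __name__ == "__main__":
    print(demo())
```

If the target rejects or overwrites records with a repeated id, the timestamp form is only safe when requests are spaced at least a millisecond apart; the counter and UUID forms do not depend on timing.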