Leading Control Characters
Item | Description |
---|---|
Full Fuzzer Name | LeadingControlCharsInHeadersFuzzer |
Log Key | LCCIH |
Description | This fuzzer prefixes headers with unicode control characters. The expectation is that APIs will reject the requests as invalid. |
Enabled by default? | No. You need to supply --includeControlChars argument |
Target headers types | All |
Expected result when fuzzed header is required | 4XX |
Expected result when fuzzed header is optional | 4XX |
Fuzzing logic | Iteratively prefixes headers with control characters |
Conditions when this fuzzer will be skipped | None |
HTTP methods that will be skipped | None |
Reporting | Reports error if: 1. response code is 404 ; 2. response code is documented, but not expected; 3. any unexpected exception. Reports warn if: 1. response code is expected and documented, but not matches response schema; 2. response code is expected, but not documented; 3. response code is 501 . Reports success if: 1. response code is expected, documented and matches response schema. |