Skip to main content

Only Control Characters

ItemDescription
Full Fuzzer NameOnlyControlCharsInHeadersFuzzer
Log KeyOCCIH
DescriptionThis fuzzer replaces headers with unicode control characters. The expectation is that APIs will reject the requests as invalid.
Enabled by default?No. You need to supply --includeControlChars argument
Target headers typesAll
Expected result when fuzzed header is required4XX
Expected result when fuzzed header is optional4XX
Fuzzing logicIteratively replaces headers with control characters
Conditions when this fuzzer will be skippedNone
HTTP methods that will be skippedNone
ReportingReports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception.

Reports warn if: 1. response code is expected and documented, but not matches response schema; 2. response code is expected, but not documented; 3. response code is 501.

Reports success if: 1. response code is expected, documented and matches response schema.