Skip to main content

Very Large Strings

ItemDescription
Full Fuzzer NameVeryLargeStringsInHeadersFuzzer
Log KeyVLSIH
DescriptionThis fuzzer will send very large strings in headers. The expectation is that APIs will reject the request as invalid as they might potentially break downstream systems. Furthermore, APIs should update their specs to define clear boundaries (minimum, maximum, minLength, maxLength).
Enabled by default?Yes
Target header typesAll
Expected result when fuzzed header is required4XX
Expected result when fuzzed header is optional4XX
Fuzzing logicIteratively replaces headers with very large strings with 40 000 characters.
Conditions when this fuzzer will be skippedNone
HTTP methods that will be skippedNone
ReportingReports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception.

Reports warn if: 1. response code is expected and documented, but not matches response schema; 2. response code is expected, but not documented; 3. response code is 501.

Reports success if: 1. response code is expected, documented and matches response schema.