
Bypass Authentication

| Item | Description |
|---|---|
| Full Fuzzer Name | BypassAuthenticationFuzzer |
| Log Key | BAH |
| Description | This fuzzer removes any authentication headers from the requests. The expectation is that APIs will reject the request as unauthorized or forbidden. |
| Enabled by default? | Yes |
| Expected result | 401 or 403 |
| Fuzzing logic | Iteratively removes authentication headers for each path and HTTP method |
| Conditions when this fuzzer will be skipped | None |
| HTTP methods that will be skipped | None |
| Reporting | Reports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception.<br><br>Reports warn if: 1. response code is expected and documented, but does not match the response schema; 2. response code is expected, but not documented; 3. response code is 501.<br><br>Reports success if: 1. response code is expected, documented and matches the response schema. |
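
The fuzzing logic and reporting rules from the table, as an added Python example that is not CATS source code. It assumes authentication header names are derived from the OpenAPI `securitySchemes`, that `send` is a caller-supplied transport returning `(status, matches_schema)`, and that an unexpected code that is also undocumented (a case the table does not list) is reported as an error.

```python
# Added illustration, not CATS code. Function names and sample data are assumptions.
EXPECTED = {401, 403}

def auth_header_names(spec):
    """Credential-carrying header names derived from OpenAPI securitySchemes."""
    names = set()
    for s in spec.get("components", {}).get("securitySchemes", {}).values():
        if s.get("type") == "apiKey" and s.get("in") == "header":
            names.add(s["name"].lower())
        elif s.get("type") in ("http", "oauth2", "openIdConnect"):
            names.add("authorization")
    return names

def classify(status, documented, matches_schema):
    """Apply the reporting rules from the table to one response."""
    if status == 404:
        return "error"
    if status == 501:
        return "warn"
    if status in EXPECTED:
        return "success" if status in documented and matches_schema else "warn"
    # Documented but not expected is an error per the table; treating an
    # undocumented, unexpected code the same way is this example's assumption.
    return "error"

def run(spec, headers, send):
    """Call every path and method with the authentication headers removed."""
    auth = auth_header_names(spec)
    stripped = {k: v for k, v in headers.items() if k.lower() not in auth}
    report = {}
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            documented = {int(c) for c in op.get("responses", {}) if str(c).isdigit()}
            try:
                status, matches_schema = send(method.upper(), path, stripped)
                report[(method.upper(), path)] = classify(status, documented, matches_schema)
            except Exception:  # any unexpected exception is reported as an error
                report[(method.upper(), path)] = "error"
    return report

# Constructed sample: a spec and a fake backend that leaves GET /orders unprotected.
SPEC = {"components": {"securitySchemes": {
            "key": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
            "jwt": {"type": "http", "scheme": "bearer"}}},
        "paths": {"/orders": {"get": {"responses": {"200": {}, "401": {}}},
                              "post": {"responses": {"201": {}}}}}}

def fake_send(method, path, headers):
    assert "X-API-Key" not in headers and "Authorization" not in headers
    return (200, True) if method == "GET" else (401, True)
```

With the constructed backend, `GET /orders` answers 200 without credentials and is reported as an error, while `POST /orders` answers 401 but does not document it and is reported as a warning.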