Application Analysis Methods

How to Find HTTP Requests to Fuzz Using Spring, OpenAPI

There are several methods that can be used to analyze your web app and find out what HTTP requests you can fuzz.

Spring / Spring Boot

This method analyzes the Spring framework's functionality and works out of the box if your application's controllers are written using Spring/Spring Boot. It is recommended to use this method when possible.

OpenAPI (Formerly Swagger)

Make sure your API description is syntactically valid. An online tool can be used to check this, for example.

Save the API in JSON or YAML format to a file inside your project directory. You will then be able to select it in the application analysis wizard.

If the file is not selectable there, you may need to initialize your project again. To do this, select the pen icon in the upper right corner and complete the project creation wizard again.

You should then be able to see your HTTP request templates.
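A local pre-check of an OpenAPI JSON description before selecting it in the wizard, as an added example that is not part of the product described here: it lists the method and path pairs the description exposes as fuzzable requests and reports path variables that have no declared path parameter. The sample document and the function names (resolve, list_requests) are constructed for illustration.

```python
import json
import re

METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample OpenAPI 3 document, not taken from any real project.
SAMPLE_SPEC = json.loads("""{
  "openapi": "3.0.3",
  "info": {"title": "demo", "version": "1.0"},
  "paths": {
    "/users/{id}": {
      "parameters": [{"$ref": "#/components/parameters/UserId"}],
      "get": {"parameters": [{"name": "verbose", "in": "query"}]},
      "delete": {}
    },
    "/orders/{orderId}": {"get": {}}
  },
  "components": {"parameters": {"UserId": {"name": "id", "in": "path", "required": true}}}
}""")

def resolve(spec, node):
    """Follow a local '#/a/b' reference; anything else is returned unchanged."""
    ref = node.get("$ref", "")
    if not ref.startswith("#/"):
        return node
    for key in ref[2:].split("/"):
        spec = spec[key.replace("~1", "/").replace("~0", "~")]
    return spec

def list_requests(spec):
    """Return (requests, problems) for every operation under 'paths'."""
    requests, problems = [], []
    for path, item in sorted(spec.get("paths", {}).items()):
        shared = [resolve(spec, p) for p in item.get("parameters", [])]
        for method in sorted(METHODS.intersection(item)):
            own = [resolve(spec, p) for p in item[method].get("parameters", [])]
            # Operation-level parameters override path-level ones with the same (name, in).
            params = {(p["name"], p["in"]): p for p in shared + own}
            requests.append((method.upper(), path, sorted(params)))
            declared = {name for name, where in params if where == "path"}
            for var in re.findall(r"\{([^}]+)\}", path):
                if var not in declared:
                    problems.append(f"{method.upper()} {path}: undeclared path variable '{var}'")
    return requests, problems

if __name__ == "__main__":
    found, issues = list_requests(SAMPLE_SPEC)
    print(*found, *issues, sep="\n")
```

To run it against your own description, replace SAMPLE_SPEC with the result of json.load on the file saved in the project directory.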

You can continue with Creating a Web Application Fuzz Test.