API fuzz show alternative message when "body" is not available
Problem
Updates to the vulnerability details page change how HTTP messages are shown to users. The new format combines several fields into a text block. The field combination occurs for both requests and responses.
For requests the combination is: method + url + headers + body. The body field was recently added and is only used by API Fuzzing. When DAST vulnerabilities are displayed, the body field is not set. Users will not be able to distinguish between a body field that was provided but is empty and a body field that was not included at all.
Solution
When body is null, show a message telling the user that the body was not provided.
POST /api/xyz
Content-Type: application/json
<Message body is not provided>
Implementation Plan
- Default body value to <Message body is not provided>
Edited by Michael Eddington
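
A sketch of the request formatting described above, added here as an illustration and not taken from the GitLab code base. The function names and the { name, value } header shape are assumptions; the placeholder text and the method + url + headers + body order come from the issue.

```javascript
// Added example, not GitLab's implementation.
// Assumed input shape: { method, url, headers: [{ name, value }], body }.
const BODY_NOT_PROVIDED = '<Message body is not provided>';

// Only null/undefined mean "no body field was included".
// An empty string is a body that was provided and is empty, so it must be
// kept as-is. Note that `body || BODY_NOT_PROVIDED` would be wrong here:
// '' is falsy and would be replaced by the placeholder, hiding exactly the
// distinction the issue asks for.
function renderBody(body) {
  return body ?? BODY_NOT_PROVIDED;
}

// Combine the fields into one text block in the order given in the issue.
// The layout (no separator line before the body) mirrors the sample
// message shown in the Solution section.
function formatRequest({ method, url, headers = [], body }) {
  const headerLines = headers.map(({ name, value }) => `${name}: ${value}`);
  return [`${method} ${url}`, ...headerLines, renderBody(body)].join('\n');
}

// Constructed sample inputs.
const headers = [{ name: 'Content-Type', value: 'application/json' }];
const dastRequest = { method: 'POST', url: '/api/xyz', headers };           // no body field
const emptyBodyRequest = { method: 'POST', url: '/api/xyz', headers, body: '' };

console.log(formatRequest(dastRequest));
console.log(formatRequest(emptyBodyRequest));
```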