Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

artillery-plugin-fuzzer

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

artillery-plugin-fuzzer

Fuzz your HTTP APIs with Artillery

  • 1.0.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
708
increased by40.48%
Maintainers
1
Weekly downloads
 
Created
Source

Artillery Fuzzer - easy fuzzing for HTTP APIs

This plugin makes it dead-easy to run some fuzz testing on your HTTP API with Artillery.

Use it to send unexpected and weird payloads to your endpoints, see what breaks and fix it to make your application more secure and more resilient.

The payloads generated by this plugin are based on the awesome Big List Of Naughty Strings.

Usage

Important: this plugin requires Artillery v1.5.8-4 or later.

Install the plugin with:

npm install artillery-plugin-fuzzer

Enable the plugin in your test script with:

config:
  plugins:
    fuzzer: {}

Then just use the {{ naughtyString }} variable as you would any other variable in your scenario:

- post:
    url: "/session"
    json:
      username: "{{ naughtyString }}"
      password: "secret"

A new value for the naughtyString variable will be generated for each new request in a scenario.

See the complete example in example.yaml

Why?

Runnning a quick test with this plugin against your app's backend can help uncover bugs, security issues and QA problems.

A Real World Example

Here's a sample payload sent by this plugin:

👾 🙇 💁 🙅 🙆 🙋 🙎 🙍

Something innocent like this could crash your application if it persists data in a MySOL database using the default settings. How? MySQL InnoDB engine uses the latin1 encoding by default.

Did you set the utf8 encoding on your database? You're still in trouble because those characters are outside the BMP and you need to have specified utf8mb4 and potentially made changes to your schema to be able to store them properly.

Modern software systems are incredibly complex. If you haven't tried it, assume it's broken.

Happy fuzzing!

Roadmap

Sending bnls payloads is a good start for a fuzzer, but it's only the first small step. We want to make Artillery a great tool for API fuzz testing. Got an idea for this plugin? Share your feedback in Issues.

License

MPL 2.0

Keywords

FAQs

Package last updated on 06 May 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc