Comments (5)
aress31
commented on September 28, 2024
1
@eoftedal that is a fair request, I will add it to the to do list.
Thanks,
Alex
from openapi-parser.
aress31
commented on September 28, 2024
1
@eoftedal I rewrote swurg from scratch - the version 2.0 is out.
In this version, I use the official Swagger Parser Java library rather than my own implementation. I also use the IExtenderHelpers interface provided by the Burp Suite APIs to build the requests to send to the Active Scanner, Intruder and Repeater.
At the moment, the Burp Suite APIs does not enable adding in body JSON and XML parameters - read the following:
/**
* This method adds a new parameter to an HTTP request, and if appropriate
* updates the Content-Length header.
*
* @param request The request to which the parameter should be added.
* @param parameter An <code>IParameter</code> object containing details of
* the parameter to be added. Supported parameter types are:
* <code>PARAM_URL</code>, <code>PARAM_BODY</code> and
* <code>PARAM_COOKIE</code>.
* @return A new HTTP request with the new parameter added.
*/
byte[] addParameter(byte[] request, IParameter parameter);
I added a post to the Burp Suite APIs repository asking whether they are planning to correct this. I am now waiting for an answer from them.
Best regards,
Alex
from openapi-parser.
aress31
commented on September 28, 2024
@eoftedal, thanks for the feedback.
This behavior is expected, as you can see in the JSON swagger file at http://petstore.swagger.io/v2/swagger.json the pet endpoint produces and consumes data of type application/json, application/xml. Consequently, a work around for your use case would be to manually edit the Swagger file and replace application/json, application/xml with application/x-www-form-urlencoded if what you want is to change the Accept and Content-Type headers.
See the following screenshot.
Hope my answer will help you.
from openapi-parser.
eoftedal
commented on September 28, 2024
If the endpoint consumes application/xml and application/json, why does swurg create a request of type application/x-www-form-urlencoded ?
I would like swurg to put JSON in the body, not application/x-www-form-urlencoded when the content-type from swagger clearly says application/json. Is it because of the duplicate content-types ?
from openapi-parser.
aress31
commented on September 28, 2024
from openapi-parser.
Related Issues (20)
- [BUG] Gracefully Handle lack of "servers" object HOT 1
- [BUG] Can't build HTTP request for repeater and other burp tools HOT 4
- [FEATURE] Send to Organizer HOT 2
- Suggest adapting to importing JSON files exported from Metersphere
- OpenAPI parser doesn't load the swagger file HOT 7
- Feature request: Use Hackvertor tabs HOT 1
- Error: User Token doesn't adhere to regular expression ^[a-zA-Z0-9\.\-_]+$]
- Bypass SSL error certificate HOT 6
- OpenAPI parser doesn't load the swagger file in YAML format HOT 1
- Parsing errors on various openapi specs HOT 1
- Cannot invoke "io.swagger.v3.oas.models.OpenAPI.getServers()" because "openAPI" is null HOT 2
- Issue when loading a swagger HOT 2
- Support for JSON body types HOT 1
- parseAccept throws null pointer exception when content is not set HOT 1
- Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" HOT 1
- Failed to build - github CI action? HOT 3
- Extension Doesnt Load Swagger File - AD credentials dont confirm to REGEX
- [BUG] issue when importing Swagger file "Cannot invoke "io.swagger.v3.oas.models.media.Content.entrySet()" HOT 6
- [BUG] OpenAPI Spec Failing to Parse HOT 7
- How to identify the parameter value in the path url ?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openapi-parser.