Execute
After determining that an endpoint is eligible for a YAML Test, it is forwarded to the execution step. This section is used to describe actions/modifications to achieve the desired test request body.
Syntax
Execute operators can be of the following types -
add_body_param
Add a new key/value pair in the request payload at the root
modify_body_param
Modify value of an existing key in the request payload at any position. If the key is missing, executor engine ignores the step and moves on to next operation
delete_body_param
Delete an existing key in the request payload at any position. If the key is missing, executor engine ignores the step and moves on to next operation
replace_body
Replace the entire request body with the supplied input
add_header
Add a new key/value pair in the request headers
modify_header
Modify value of an existing header key in the request headers. If the header key is missing, executor engine ignores the step and moves on to next operation
delete_header
Delete an existing header key in the request headers. If the header key is missing, executor engine ignores the step and moves on to next operation
add_query_param
Add a new key/value pair in the query params
modify_query_param
Modify value of an existing key in the query params. If the key is missing, executor engine ignores the step and moves on to next operation
delete_query_param
Delete an existing key in the query params. If the key is missing, executor engine ignores the step and moves on to next operation
modify_url
Modify url to desired value. Supports entire url replacement, as well as replacing just a substring
modify_method
Modify http method to desired method value
remove_auth_header
Remove Auth Headers in the request headers. If auth headers are missing, this operation throws an error and aborts the test for the endpoint
replace_auth_header
Replace the auth header by headers in User config
section. If you are using JWT tokens, you can replace them too using JWT-specific instructions
follow_redirect
Specify whether the test attempt should follow redirect or not. By default follow redirect is set to $true$
attach_file
Replaces the request body by the contents of the file
jwt_replace_body
Replace JWT body with given content
add_body_param
Used for adding a new key/value pair
in the request payload at the root. This takes 2 params, key and value.
Example 1
Original
request body of the endpoint you are trying to test:
Let’s say we want to add key (”status”) with value → “admin”
Sample Yaml
to modify request body
Modified
request body of the endpoint you are trying to test:
modify_body_param
Used for modifying value of an existing key
in the request payload at any position. If the key is missing, executor engine ignores the step and moves on to next operation. This takes 2 params, key
and value
.
Example 1
Original
request body of the endpoint you are trying to test:
Let’s say we want to modify key (”user”) with value → “admin”
Sample Yaml
to modify request body
Modified
request body of the endpoint you are trying to test:
delete_body_param
Used for deleting an existing key
in the request payload at any position. If the key is missing, executor engine ignores the step and moves on to next operation. This takes single param, key.
Example 1
Original
request body of the endpoint you are trying to test:
Let’s say we want to remove key (”isActive”)
Sample Yaml
to modify request body
Modified
request body of the endpoint you are trying to test:
replace_body
Used for replacing the entire request body
with the supplied input. This takes 1 param, new payload.
Original
request body of the endpoint you are trying to test:
Let’s say we want to replace the above payload with below new payload
Sample Yaml
to modify request body
add_header
Used for adding a new key/value pair
in the request headers. This takes 2 params, key and value.
Example 1
original
header of the endpoint you are trying to test:
Let’s say we want to add a new header (”Host”) with value → “xyz.evil.com”
Sample Yaml
to modify request header
Modified
request header of the endpoint you are trying to test:
modify_header
Used for modifying value of an existing header key in the request headers. If the header key is missing, executor engine ignores the step and moves on to next operation. This takes 2 params, key and value.
Example
original
header of the endpoint you are trying to test:
Let’s say we want to modify key (”Authorization”) with a different user token value →
Sample Yaml
to modify request header
Modified
request header of the endpoint you are trying to test:
delete_header
Used for deleting an existing header key in the request headers. If the header key is missing, executor engine ignores the step and moves on to next operation. This takes a single param, key.
Example 1
original
header of the endpoint you are trying to test:
Let’s say we want to modify key (”Authorization”) with a different user token value →
Sample Yaml
to delete request header
Modified
request header of the endpoint you are trying to test:
add_query_param
Used for adding a new key/value pair in the query params. This takes 2 params, key and value.
Example 1
original
url of the endpoint you are trying to test:
Let’s say we want to add a new query param (”admin”) with value → true
Sample Yaml
to add query params
New
query params in the url of the endpoint you are trying to test:
modify_query_param
Used for modifying value of an existing key in the query params
. If the key is missing, executor engine ignores the step and moves on to next operation. This takes 2 params, key and value.
Example 1
original
url of the endpoint you are trying to test:
Let’s say we want to modify query param (”user”) with value → 4
Sample Yaml
to modify query params
modified
query params in the url of the endpoint you are trying to test:
delete_query_param
Used for deleting an existing key in the query params
. If the key is missing, executor engine ignores the step and moves on to next operation. This takes single params, key.
Example 1
original
url of the endpoint you are trying to test:
Let’s say we want to delete query param (”active”)
Sample Yaml
to modify query params
modified
query params in the url of the endpoint you are trying to test:
modify_url
Used for modifying url to desired value. Supports entire
url replacement, as well as replacing just a substring
.
Replace entire url
original
url of the endpoint you are trying to test:
Let’s say you want to replace this with the below url -
Sample Yaml
to modify url
Replace based on regex
original
url of the endpoint you are trying to test:
Let’s say i just want to replace v2 with v1 in the above url -
Sample Yaml
to modify url
👉🏻 **In simple language:** The above yaml syntax is modifying request url by replacing specified regex string match with v1/
modified
url of the endpoint you are trying to test:
Insert token in url
You can use token_insert
to insert a token (Eg 123
) in the url.
eg. if you want to convert /api/v1/user/orders to /api/v1/user/123/orders, you can do:
Replace token in url
You can use token_replace
to insert a token (Eg 123
) in the url.
eg. if you want to convert /api/v1/user/456/orders to /api/v1/user/123/orders, you can do:
modify_method
Used for modifying http method to desired method value. This takes a single param, new method value.
Example 1
original
url of the endpoint you are trying to test:
Let’s say we want to modify method value to PUT
Sample Yaml
to modify method
modified
url of the endpoint you are trying to test:
remove_auth_header
Used for Removing Auth Headers in the request headers
. If auth headers are missing, this operation throws an error and aborts the test for the endpoint. (Refer to Auth section for better understanding on how auth headers are picked by yaml execution engine.)
Example 1
original
headers of the endpoint you are trying to test:
Let’s say we want to remove the auth header for the test request(in this case auth header is - “Authorization”). Prerequisite: the auth has to be configured in auth types in the dashboard for the below execute section to identify authorization key.
Sample Yaml
to remove auth headers
modified
headers of the endpoint you are trying to test:
replace_auth_header
Used in many tests where we need to replace the auth header and inject a malicous auth header instead. This flag removes all the auth headers (including custom auth types) before adding malicious auth headers.
Example 1 - replace auth token by attacker's token
This assumes you have set attacker credentials in User config
section.
Sample YAML to replace headers by attacker's tokens
modified headers will now look like:
Example 2 - modify JWT auth token
Used in Broken Authentication tests to exploit JWT-related vulnerabilities. For example, invalidating signature, setting algo to None
etc. Possible values are
${auth_context.none_algo_token}
- modify JWT token and set algo=NONE${auth_context.invalid_signature_token}
- modify JWT token and make signature invalid (by appending extra characters to signature)${auth_context.jku_added_token}
- modify JWT token by adding a JKU parameter in headers${auth_context.jwk_added_token}
- modify JWT token by adding JWK-related parameters in headers${auth_context.kid_added_token}
- modify JWT token by adding kid parameter in headers
Sample YAML to use the above instructions -
Modifies the headers by invalidating signature
follow_redirect
Used for specifying whether the test attempt should follow redirect or not
, in case the response received if of redirect type. By default follow redirect is set to true. This takes a single boolean argument(true/false)
Sample Yaml
****For Disabling Redirect
attach_file
Used to replace the request body by the contents of the file. This is useful for APIs that take file an input. Users can test such APIs by passing files with malicious content.
Sample Yaml for attach_file
jwt_replace_body
Used to replace the jwt body. This just replaces the payload. It keeps headers and signature the same as original JWT token
Sample yaml
Modified token looks like -
Combining multiple conditions in Execute
Let’s see a few examples on how we can combine multiple execution operations into a test -
Example 1
Scenario -
add
body_param (”status”) with value → “admin” in request payloadmodify
Request Method To Postdelete
QueryParam with key (”userId”)
Sample Yaml -
Example 2
Scenario -
delete
auth header from requestadd
Header (”origin”) with value → xyz.evil.com
Sample Yaml -
Last updated