Web API fuzzing with a Web Application Module
To perform web API fuzzing with beSTORM, do the following:
- Open beSTORM Client.
- Select New Project to open the beSTORM New Project Wizard.
- On the Welcome page, enter a name for the project in the Project Name box.
- For the Please select the wizard level parameter, select Advanced.
- Select Next.
- On the Basic Configuration page, select Build a Web Application Module, and then select Learn.
- In the API Auto Learn dialog, under File, select OpenAPI, and then select Browse.
- Select Browse to navigate to and select your OpenAPI.json descriptor file, and then select Open.
- Select Process.
- In the Web API Data table, several API paths that are available to fuzz will appear. Individually select the desired paths to include in your test session or select All.
- Select Generate.
- Select Next.
- On the Advanced Configuration page, adjust these parameters as needed. You can further modify these parameters by customizing the final module (see the beSTORM User Guide for more information).
- Select Next.
- On the Module Environment page, review your parameter settings for the module.
- Select Next.
- On the Extra Configuration page, adjust these parameters as needed.
- Select Next.
- On the Complete beSTORM wizard page, select Finish to begin fuzzing.
Web API Fuzzing with a custom module
To fuzz a custom module, do the following:
- Open beSTORM.
- Select New Project.
- In the Project Name box, enter a name for the project.
- For the Please select the wizard level parameter, select Advanced.
- Select Next.
- On the Basic Configuration page, select Import a Custom Module from a BSM File. and then select Import.
- Navigate to and select your prebuilt custom module, and then select Open.
- Select Next.
- Follow steps 13-19 above to finish configuring your project.