How this template works
APIs Selection
The API selection filters in this template are used to filter and select specific API requests based on certain criteria. In this case, the filters include response code, request headers, and URL. The filters ensure that only API requests with a response code between 200 and 299, containing a specific request header key-value pair (JSESSIONID), and having a URL that contains certain keywords (login, signin, sign-in, log-in) are selected for further processing.
Execute request
The execute section in this template specifies the type of request to be executed and provides instructions for modifying the URL of the selected API requests. In this case, the type is set to "single" indicating that each selected API request will be executed individually. The modify_url instruction uses the extracted URL variable (urlVar) to modify the URL of each request.
Validation
The validation section defines the validation rules for the API responses. In this template, there are two validation rules specified using the "or" operator. The first rule checks if the response headers do not contain the "set-cookie" header. The second rule checks if the response headers contain the "set-cookie" header with a value that contains the extracted session value. These validation rules ensure that the API responses either do not contain the "set-cookie" header or contain it with the expected session value.
Frequently asked questions
Explore other tests
eSMTP - Config Discovery
Nginx - Git Configuration Exposure
Laravel - Sensitive Information Disclosure
Docker Container - Misconfiguration Exposure
Msmtp - Config Exposure
Parameters.yml - File Discovery
Mongo Express - Unauthenticated Access
Apache Airflow Configuration Exposure
Dockerrun AWS Configuration Exposure
Apache Config file disclosure
Appspec Yml Disclosure
CGI script environment variable
