Tool-name: API FUZZ

[Testing]

I have installed API Fuzzer two time but it gives me the Following error in kali-Linux.

ERROR:  Error installing bundler: The last version of bundler (>= 0) to support your Ruby & RubyGems was 1.17.3. Try installing it with `gem install bundler -v 1.17.3`bundler requires Ruby version >= 2.3.0. The current ruby version is 2.2.0.

[Tim Jarzombek]

Can you post additional details on what you're installing? I found one project on GitHub (https://github.com/Fuzzapi/API-fuzzer) that hasn't been updated in three years (July 15, 2017).

Looking at the error message, it looks like a ruby version upgrade is needed. Kali should have 2.7 if this page is right:  https://pkg.kali.org/pkg/ruby-defaults  

[Adam Fisher]

Have you followed this guide:  https://github.com/Fuzzapi/fuzzapi/issues/73 

This is what I followed, and it works for me.  However, overall I have not found this application useful for testing APIs.

 

Kind regards, Adam

Adam Fisher Principal Security Engineer CISSP, CCSP, AWS Solutions Architect MCA - Azure Ad...@salt.security / +1 (801) 616 9031 https://salt.security

On Wed, Jul 15, 2020 at 1:49 PM Testing <testing...@gmail.com> wrote:

I have installed API Fuzzer two time but it gives me the Following error in kali-Linux.

ERROR:  Error installing bundler: The last version of bundler (>= 0) to support your Ruby & RubyGems was 1.17.3. Try installing it with `gem install bundler -v 1.17.3`bundler requires Ruby version >= 2.3.0. The current ruby version is 2.2.0.

--
You received this message because you are subscribed to the Google Groups "API Security Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-security-pro...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/api-security-project/b858e4d6-2481-4a40-98fe-38ccba7bd7b4n%40owasp.org.

[Mukul Kantiwal]

Just a suggestion from my side.

Try using fuzzapi available at https://github.com/Fuzzapi/fuzzapi

And instead of installing it yourself, try to use the docker container. Instructions are already available at github there.

[Testing]

I have installed it in docker only bro...

[Testing]

I will try to update and let you know.

Thanks

[Isabelle Mauny]

Hello, 

I know this is a quite old thread, but there is another tool you might be interested to check that was open sourced by Yelp

https://github.com/Yelp/fuzz-lightyear

It is recent, actively maintained, and allows to test for BOLA/IDOR vulnerabilities.

Cheers,

Isabelle.

[erez....@owasp.org]

Interesting, thanks for the lead!

 

Erez Yalon

OWASP API Security Project Co-Leader

 

Email:    erez....@owasp.org

Mobile: +972505977720

--

You received this message because you are subscribed to the Google Groups "API Security Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-security-pro...@owasp.org.

To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/api-security-project/6ba32ad9-b0d4-4c45-b291-a96513641328n%40owasp.org.