Tool-name: API FUZZ

111 views
Skip to first unread message

Testing

unread,
Jul 15, 2020, 3:49:44 PM7/15/20
to API Security Project

I have installed API Fuzzer two time but it gives me the Following error in kali-Linux.

ERROR:  Error installing bundler: The last version of bundler (>= 0) to support your Ruby & RubyGems was 1.17.3. Try installing it with `gem install bundler -v 1.17.3`bundler requires Ruby version >= 2.3.0. The current ruby version is 2.2.0.

Tim Jarzombek

unread,
Jul 15, 2020, 4:25:09 PM7/15/20
to API Security Project, testing...@gmail.com
Can you post additional details on what you're installing? I found one project on GitHub (https://github.com/Fuzzapi/API-fuzzer) that hasn't been updated in three years (July 15, 2017).

Looking at the error message, it looks like a ruby version upgrade is needed. Kali should have 2.7 if this page is right:  https://pkg.kali.org/pkg/ruby-defaults  

Adam Fisher

unread,
Jul 15, 2020, 4:34:30 PM7/15/20
to Testing, API Security Project
Have you followed this guide:  https://github.com/Fuzzapi/fuzzapi/issues/73 

This is what I followed, and it works for me.  However, overall I have not found this application useful for testing APIs.

 
image.png

Kind regards,

Adam





Adam Fisher
Principal Security Engineer
CISSP, CCSP, AWS Solutions Architect
MCA - Azure



On Wed, Jul 15, 2020 at 1:49 PM Testing <testing...@gmail.com> wrote:

I have installed API Fuzzer two time but it gives me the Following error in kali-Linux.

ERROR:  Error installing bundler: The last version of bundler (>= 0) to support your Ruby & RubyGems was 1.17.3. Try installing it with `gem install bundler -v 1.17.3`bundler requires Ruby version >= 2.3.0. The current ruby version is 2.2.0.

--
You received this message because you are subscribed to the Google Groups "API Security Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-security-pro...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/api-security-project/b858e4d6-2481-4a40-98fe-38ccba7bd7b4n%40owasp.org.

Mukul Kantiwal

unread,
Jul 15, 2020, 4:35:29 PM7/15/20
to API Security Project
Just a suggestion from my side.
Try using fuzzapi available at https://github.com/Fuzzapi/fuzzapi
And instead of installing it yourself, try to use the docker container. Instructions are already available at github there.

Testing

unread,
Jul 16, 2020, 1:22:42 AM7/16/20
to API Security Project, mukk...@gmail.com
I have installed it in docker only bro...

Testing

unread,
Jul 16, 2020, 1:34:20 AM7/16/20
to API Security Project, Tim Jarzombek, Testing
I will try to update and let you know.
Thanks

Isabelle Mauny

unread,
Sep 9, 2020, 5:57:32 PM9/9/20
to API Security Project, testing...@gmail.com, Tim Jarzombek
Hello, 

I know this is a quite old thread, but there is another tool you might be interested to check that was open sourced by Yelp

It is recent, actively maintained, and allows to test for BOLA/IDOR vulnerabilities.

Cheers,
Isabelle.

erez....@owasp.org

unread,
Sep 12, 2020, 7:52:43 AM9/12/20
to Isabelle Mauny, API Security Project, testing...@gmail.com, Tim Jarzombek

Interesting, thanks for the lead!

 

Erez Yalon

OWASP API Security Project Co-Leader

 

Email:    erez....@owasp.org

Mobile: +972505977720

Image result for owasp banner

--

You received this message because you are subscribed to the Google Groups "API Security Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-security-pro...@owasp.org.

image003.jpg
Reply all
Reply to author
Forward
0 new messages