For Swagger authorizations like the basic token, the default method option should be selectable. A default Custom-Header is added, but problems arise when it's based on the existing token. For example, there should be an option for basic token logins.
This plugin should include support for a local or online LLM. This feature should allow for automatic data addition based on parameter type. A feature to identify vulnerabilities like IDOR could also be added to this LLM.
Authorization: Basic base64(username:password)
Authorization: Bearer
X-API-Key: your_api_key
Basic
API Key
Bearer
JWT
OAuth2
These SJ features can generally be added to this plugin. All these requests will appear in Burp requests in this way, and the desired header will be added without any problems.
https://github.com/BishopFox/sj/
sj automate -u https://petstore.swagger.io/v2/swagger.json -q -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30" -p http://127.0.0.1:8080/ --insecure
In general, do you have a chance to review these plugins and add their best features to this one? Overall, these API parser programs really have a good interface and performance, and you're doing a good job with this plugin. I just wanted to offer these as suggestions. If all these plugins' features were combined into one plugin, this would be it.
https://github.com/rawatprince/SpecOps
https://github.com/deFr0ggy/APICollector
https://github.com/Q0120S/Swagger-API-Tester
https://github.com/zalakamal08/Postman2burp
https://github.com/Sugobet/API_Sword
https://github.com/afandiyevm/swagger2sqlmap
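An added example, not code from the post or from any of the linked plugins, showing the "selectable default method" idea as a small Python routine: it reads the security schemes a Swagger 2.0 or OpenAPI 3 document declares, picks each operation's declared scheme and builds the Basic, Bearer or X-API-Key header for it, and returns nothing (so a custom header can be used instead) when the required credential is missing rather than emitting a half-formed header. The spec fragment, credential values and function names are constructed for this example.

```python
import base64
import json

# Constructed OpenAPI 3 fragment (not from the page): the scheme types listed
# in the post, with each operation declaring the one it expects.
SAMPLE_SPEC = json.loads("""{
  "components": {"securitySchemes": {
    "basicAuth":  {"type": "http", "scheme": "basic"},
    "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
    "apiKeyAuth": {"type": "apiKey", "in": "header", "name": "X-API-Key"}
  }},
  "paths": {
    "/pet":             {"post": {"security": [{"bearerAuth": []}]}},
    "/user/login":      {"get":  {"security": [{"basicAuth": []}]}},
    "/store/inventory": {"get":  {"security": [{"apiKeyAuth": []}]}}
  }
}""")

def load_schemes(spec):
    """Security schemes of a Swagger 2.0 (securityDefinitions) or OAS3 doc."""
    return (spec.get("securityDefinitions")
            or spec.get("components", {}).get("securitySchemes", {}))

def auth_header(scheme, creds):
    """(header name, value) for one scheme from creds (username/password,
    token, api_key). None when the scheme cannot be satisfied, so the caller
    falls back to a custom header instead of sending e.g. a bare 'Bearer'."""
    kind, sub = scheme.get("type"), scheme.get("scheme")
    if kind == "basic" or (kind == "http" and sub == "basic"):
        if not (creds.get("username") and creds.get("password")):
            return None
        raw = f"{creds['username']}:{creds['password']}".encode()
        return "Authorization", "Basic " + base64.b64encode(raw).decode()
    if (kind == "http" and sub == "bearer") or kind == "oauth2":
        return ("Authorization", "Bearer " + creds["token"]) if creds.get("token") else None
    if kind == "apiKey" and scheme.get("in") == "header":
        return (scheme["name"], creds["api_key"]) if creds.get("api_key") else None
    return None  # apiKey in query/cookie and unknown types are not header-based

def default_headers(spec, creds):
    """Map 'METHOD /path' to the header its declared scheme needs (or None)."""
    schemes, out = load_schemes(spec), {}
    for path, ops in spec.get("paths", {}).items():
        for method, op in ops.items():
            reqs = op.get("security", spec.get("security", []))
            name = next((k for r in reqs for k in r), None)  # first listed scheme
            out[f"{method.upper()} {path}"] = auth_header(schemes.get(name, {}), creds) if name else None
    return out
```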