In [35]:
from fuzzingbook.GeneratorGrammarFuzzer import ProbabilisticGeneratorGrammarFuzzer
from fuzzingbook.APIFuzzer import ASCII_STRING_GRAMMAR
from fuzzingbook.GrammarFuzzer import GrammarFuzzer
from fuzzingbook.Grammars import *
from dotenv import load_dotenv
from tqdm import tqdm
import requests
import socket
import json
import os

In [None]:
def get_ip_adress():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.connect(("8.8.8.8", 80))
    result = s.getsockname()[0]
    s.close()

    return result


get_ip_adress()

In [3]:
def getAllAlbums(url, BEARER_TOKEN):
    payload = {}
    headers = {
        'Accept': 'application/json',
        'Authorization': f'Bearer {BEARER_TOKEN}'
    }

    return requests.request("GET", url, headers=headers, data=payload)

In [None]:
# Load environment variables
load_dotenv()

# Get the host URL
host_url = f"http://{get_ip_adress()}:2283"

# Get the bearer token
BEARER_TOKEN = os.getenv('BEARER_TOKEN')
BEARER_TOKEN

In [140]:
import string

BEARER_TOKEN_GRAMMAR = {
    "<start>": ["<token>"],
    "<token>": [("<base64>", opts(prob=0)), ("<base64>.<base64>.<base64>", opts(prob=1)), ("<malformed_token>", opts(prob=0))],
    "<base64>": ["<chars>", "<chars>=*", "<chars>=="],
    "<chars>": ["<letter>", "<letter><chars>", "<digit>", "<digit><chars>"],
    "<letter>": srange(string.ascii_lowercase + string.ascii_uppercase),
    "<digit>": crange('0', '9'),
    "<malformed_token>": ["!", "$%^", "<chars>.", "<chars><chars>", ""]
}

assert is_valid_grammar(BEARER_TOKEN_GRAMMAR)

# Get API Key


In [75]:
UUID_GRAMMAR = {
    "<start>": ["<uuid>"],
    "<uuid>": ["<hex8>-<hex4>-<version>-<variant>-<hex12>"],
    "<hex8>": ["<hex><hex><hex><hex><hex><hex><hex><hex>"],
    "<hex4>": ["<hex><hex><hex><hex>"],
    "<version>": ["4<hex><hex><hex>"],  # Version 4 UUID
    # Variant 1
    "<variant>": ["8<hex><hex><hex>", "9<hex><hex><hex>", "a<hex><hex><hex>", "b<hex><hex><hex>"],
    "<hex12>": ["<hex><hex><hex><hex><hex><hex><hex><hex><hex><hex><hex><hex>"],
    "<hex>": ["<digit>", "<hexdigit>"],
    "<digit>": ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9"],
    "<hexdigit>": ["a", "b", "c", "d", "e", "f"]
}

assert is_valid_grammar(UUID_GRAMMAR)

In [None]:
fuzz = GrammarFuzzer(UUID_GRAMMAR).fuzz()
fuzz

In [77]:
def get_api_key(url, BEARER_TOKEN):
    payload = {}
    headers = {
        'Accept': 'application/json',
        'Authorization': f'Bearer {BEARER_TOKEN}'
    }

    return requests.request("GET", url, headers=headers, data=payload)

In [None]:
# Generate UUID from grammar
seed_input = GrammarFuzzer(UUID_GRAMMAR).fuzz()

# Mutate de UUID
mutation_fuzzer = MutationFuzzer(seed=[seed_input])
fuzz = [mutation_fuzzer.fuzz() for i in range(10)][-1]


# Get the API key
url = f"{host_url}/api/api-keys/{fuzz}"
response = get_api_key(url, BEARER_TOKEN)
response.json()


if response.status_code == 400:
    result = fuzz
else:
    result = response.json()
    print(fuzz)

result
# ?eb395150-70a8-4le-8eda-96ebaac0d4+74 # Invalid UUID but passes the API key endpoint

?eb395150-70a8-4le-8eda-96ebaac0d4+74


[{'id': '09115fc9-ce66-4f89-bc98-e2b62b93bd3b',
  'name': 'Clé API',
  'createdAt': '2025-01-03T17:53:11.144Z',
  'updatedAt': '2025-01-03T17:53:20.072Z',
  'permissions': ['all']},
 {'id': '9431dea8-5857-45fa-9f93-709b9c8adfad',
  'name': 'string',
  'createdAt': '2025-01-02T12:39:40.168Z',
  'updatedAt': '2025-01-02T12:39:40.168Z',
  'permissions': ['all']},
 {'id': '134bad8b-7d96-4d8f-b4fe-3ed8ea7ed1b1',
  'name': 'string',
  'createdAt': '2025-01-02T12:38:23.958Z',
  'updatedAt': '2025-01-02T12:38:23.958Z',
  'permissions': ['all']}]

This fuzz pass the endpoint but it's not a UUID : ?eb395150-70a8-4le-8eda-96ebaac0d4+74


In [187]:
fuzz = "?eb395150-70a8-4le-8eda-96ebaac0d4+74"
url = f"{host_url}/api/api-keys/{fuzz}"
response = get_api_key(url, BEARER_TOKEN)
response.json()

[{'id': '09115fc9-ce66-4f89-bc98-e2b62b93bd3b',
  'name': 'Clé API',
  'createdAt': '2025-01-03T17:53:11.144Z',
  'updatedAt': '2025-01-03T17:53:20.072Z',
  'permissions': ['all']},
 {'id': '9431dea8-5857-45fa-9f93-709b9c8adfad',
  'name': 'string',
  'createdAt': '2025-01-02T12:39:40.168Z',
  'updatedAt': '2025-01-02T12:39:40.168Z',
  'permissions': ['all']},
 {'id': '134bad8b-7d96-4d8f-b4fe-3ed8ea7ed1b1',
  'name': 'string',
  'createdAt': '2025-01-02T12:38:23.958Z',
  'updatedAt': '2025-01-02T12:38:23.958Z',
  'permissions': ['all']}]

# Create Activity


In [70]:
def createActivity(url, BEARER_TOKEN, comment, type):
    payload = json.dumps({
        "albumId": "d3f9b460-66e3-4298-afed-44473e3d136d",
        "assetId": "8d43cc36-e806-474d-a898-deff81604eca",
        "comment": comment,
        "type": type
    })

    headers = {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
        'Authorization': f'Bearer {BEARER_TOKEN}'
    }

    return requests.request("POST", url, headers=headers, data=payload)

In [None]:
url = f"{host_url}/api/activities"

comment_fuzz = ProbabilisticGeneratorGrammarFuzzer(ASCII_STRING_GRAMMAR).fuzz()
type_fuzz = ProbabilisticGeneratorGrammarFuzzer(ASCII_STRING_GRAMMAR).fuzz()

response = createActivity(url, BEARER_TOKEN, comment_fuzz, type_fuzz)
response.json()

# Create User Admin


In [25]:
def createUserAdmin(url, BEARER_TOKEN, data):
    payload = json.dumps({
        "email": data["email"],
        "name": data["name"],
        "password": data["password"],
    })
    headers = {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
        'Authorization': f'Bearer {BEARER_TOKEN}'
    }

    return requests.request("POST", url, headers=headers, data=payload)

In [5]:
EMAIL_GRAMMAR = {
    "<start>": ["<email>"],
    "<email>": ["<name>@<domain>"],
    "<name>": ["<word>", "<word>.<name>"],
    "<domain>": ["<domainpart>.<tld>"],
    "<domainpart>": ["<word>", "<word><domainpart>"],
    "<tld>": ["com", "org", "net", "io"],
    "<word>": srange(string.ascii_lowercase),
}

assert is_valid_grammar(EMAIL_GRAMMAR)

In [146]:
NAME_GRAMMAR = {
    "<start>": ["<name>"],
    "<name>": ["<word> <word>", "<word> <name>"],
    "<word>": srange(string.ascii_lowercase),
}

assert is_valid_grammar(NAME_GRAMMAR)

In [None]:
url = f"{host_url}/api/admin/users"
i = 0
y = []
for _ in enumerate(tqdm(range(100))):
    email_fuzz = GrammarFuzzer(EMAIL_GRAMMAR).fuzz()
    name_fuzz = ProbabilisticGeneratorGrammarFuzzer(
        ASCII_STRING_GRAMMAR).fuzz()
    password_fuzz = ProbabilisticGeneratorGrammarFuzzer(
        ASCII_STRING_GRAMMAR).fuzz()

    data = {
        "email": email_fuzz,
        "name": name_fuzz,
        "password": password_fuzz,
    }

    response = createUserAdmin(url, BEARER_TOKEN, data)

    if response.status_code == 500:
        print("Error : ", response.json())
        print(data)
        break

    if response.status_code == 201:
        i += 1
    else:
        y.append(response.json()["message"])

print("User created : ", i)
print(y)

- Failed when name or password is empty string
- failed when quotasize is a fixed value


In [None]:
import requests


url = f"{host_url}/api/admin/users"

payload = {}
headers = {
    'Accept': 'application/json',
    'Authorization': 'Bearer rDw9HVorPTNJynq03q4Fm7DbF7QWtxyoCajU739OQ'
}

response = requests.request("GET", url, headers=headers, data=payload)


response.json()