20Eyl
Is there an automated way to generate a valid API request from Swagger docs?
I am doing a pentest which includes an API and all I have access to is Swagger UI docs. The Swagger docs don't show me real-world data in the examples, nor do they offer a "try request" option. Some of these requests are huge POST requests and without deeper knowledge of the inner workings of the application, it's not clear some of the expected data formats (e.g. it says "string" but actually some fields are expected to base Base64, etc...). Is there some way to scan a Swagger doc and auto-generate valid data using a web pentesting tool?
