added support & unit-tests for more fuzzing parts #4610

Closed

Conversation

dpnishant

@dpnishant dpnishant commented Jan 10, 2024

Proposed changes

I have added support for specifying more parts in the fuzzing templates. This is in reference to issue #4113.

This PR includes code changes and unit-tests related to:

```yaml
http:
  - raw: ...
    ...
    fuzzing:
      - part: body
     ...
...
```

and

```yaml
http:
  - raw: ...
    ...
    fuzzing:
      - part: all
     ...
...
```

Behavior Explanation

  • When http[].fuzzing[].part in the specified template is set to body, the appropriate request body fuzzing shall be applied depending on whether the request is Content-Type: application/x-www-form-urlencoded, Content-Type: application/json, or /graphql over Content-Type: application/json.

  • When http[].fuzzing[].part in the specified template is set to all, fuzzing shall behave as expected for part: query and part: headers, along with request body fuzzing (as described above), in the order: query parameters, then header values, and finally the body.

URL Encoded bodies

Supported

In the following example, all the repeating characters indicate that they shall be fuzzed, leaving other values intact.

```yaml
...
http:
  - raw:
      - |
        POST /?x=abc&y=def HTTP/1.1
        Host: {{Hostname}}
        Origin: http://example.com
        X-Forwarded-For: 1337
        Content-Type: application/x-www-form-urlencoded
        Cookie: z=pqr; bb=pqr
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
        Accept-Language: en-US,en;q=0.9
        Connection: close

        key1=ddd&key2=aaa&key3=ccc
...
```

JSON bodies

All nested values (arrays and objects nested within arrays and objects) of type string are considered for fuzzing (either in parallel or sequentially, depending on the existing single or multiple mode), and all other types such as booleans, numbers etc. are ignored.

Supported

In the following example, all the repeating characters indicate that they shall be fuzzed, leaving other values intact.

```yaml
http:
  - raw:
      - |
        POST /?x=abc&y=def HTTP/1.1
        Host: {{Hostname}}
        Origin: http://example.com
        X-Forwarded-For: 1337
        Content-Type: application/json
        Cookie: z=pqr; bb=pqr
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko)
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
        Accept-Language: en-US,en;q=0.9
        Connection: close

        {"key1":"ddd","key2":true,"key3":[1,"222"],"key4":{"key5":"aaa","key6":{"key7":["bbb", "ccc"]}}}
```

GraphQL bodies

Requests with Content-Type: application/graphql are not supported in this PR. Only requests with path /graphql, Content-Type: application/json and a request body with referenced variables (i.e. .variables) are supported in this PR.

Supported

In the following example, all the repeating characters indicate that they shall be fuzzed, leaving other values intact.

```yaml
http:
  - raw:
      - |
        POST /graphql/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        Content-Length: 149

        {
          "query": "mutation SetMessage($msg: String!, $name: String!) { setMessage(message: $msg, name: $name) }",
          "variables": {
              "msg": "aaa",
              "name": "bbb"
          }
        }
```

Not-yet supported

```yaml
http:
  - raw:
      - |
        POST /graphql/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        Content-Length: 149

        { "query": "mutation { setMessage(message: \"Hey\", name: \"Nikoo\") }" }
```
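As an added illustration (not code from this PR or from nuclei itself), here is a Go sketch of the body walk that the JSON and GraphQL sections above describe: it enumerates string leaves at any nesting depth, skips booleans, numbers and nulls, and for a /graphql request only considers the .variables object, rejecting the not-yet-supported inline-argument form. The names Point and FuzzPoints are assumptions; the sample bodies are the ones shown in this PR.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Point is one fuzzable string leaf: a JSONPath-style location (root "$") and its value.
type Point struct{ Path, Value string }

// walk collects string leaves under v, recursing into objects and arrays;
// numbers, booleans and nulls are skipped, as the PR describes.
func walk(v interface{}, path string, out *[]Point) {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			walk(child, path+"."+k, out)
		}
	case []interface{}:
		for i, child := range t {
			walk(child, fmt.Sprintf("%s.%d", path, i), out)
		}
	case string:
		*out = append(*out, Point{Path: path, Value: t})
	}
}

// FuzzPoints returns a JSON body's fuzzable string leaves sorted by path; for
// /graphql requests only "variables" is walked and a body without it is rejected.
func FuzzPoints(body []byte, requestPath string) ([]Point, error) {
	var root interface{}
	if err := json.Unmarshal(body, &root); err != nil {
		return nil, err
	}
	var pts []Point
	if strings.HasPrefix(requestPath, "/graphql") {
		obj, _ := root.(map[string]interface{}) // lookup on a nil map is safe
		vars, ok := obj["variables"]
		if !ok {
			return nil, fmt.Errorf("graphql body without .variables is not supported")
		}
		walk(vars, "$.variables", &pts)
	} else {
		walk(root, "$", &pts)
	}
	sort.Slice(pts, func(i, j int) bool { return pts[i].Path < pts[j].Path })
	return pts, nil
}
```

Each returned Point is a position a fuzzer can substitute one payload into before re-serialising the body, which is the per-leaf behaviour the JSON section describes.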

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@ehsandeep
Member

@dpnishant FYI - #4477

@dpnishant
Author

Cool! Will close then and await merge.

@dpnishant dpnishant closed this Jan 10, 2024