Can I fuzz an API that is protected with Authentication?

Hi there! How can I fuzz an API that is protected with Authentication?

Mayhem for API has built-in support for the following authentication schemes:

  • Basic authentication
  • Header-based authentication (ie: bearer tokens)
  • Cookie-based authentication.

If you require something more complex, you can use the “Request Rewrite Plugin” to implement any authentication scheme you may need.

For more details, please visit our documentation on authentication: