
HTTP Bearer-token Authentication

Implementing authentication using Bearer tokens (RFC 6750) with FuzzLabs is very similar to the process we discussed for HTTP Basic authentication. Therefore, instead of starting from scratch, this example assumes that the reader is already familiar with the topics and techniques discussed earlier.

This example is fairly simple and demonstrates a scenario where we have already obtained a token, which we provide to FuzzLabs manually in the Job Configuration.

Message Template

We can start from the Unit template created in the HTTP Basic authentication example. To send a bearer token instead of the base64-encoded credentials, we have to create the appropriate Session Variable and adjust the Authorization header a bit. The Authorization header we need in this case looks like this:

Authorization: Bearer ${token}

First, let’s create the Session Variable to hold our bearer token. A screenshot showing this can be seen below.

As the next step, we update our request template. We have to update the authorization type field and use a Reference primitive to refer to the value of the Token session variable within the Authorization header. This can be seen below.

You can download the JSON object of the above example from HERE. Then, you can copy-paste the JSON object into the editor by clicking on View > View Code in the editor menu. However, if you are new to FuzzLabs, we recommend creating this template manually.

Basic Flow Implementation

Now that the Unit template is ready, it is time to set up a basic Flow template to tell FuzzLabs what actions to perform during the test. First, we add three Actions to tell FuzzLabs to connect to the target, send a test case and finally, disconnect from the target. Next, we drag and drop our Unit template created previously onto the Send action so that FuzzLabs knows which Unit template to use to generate test cases. The relevant section of the HTTP Basic authentication example includes a video that demonstrates the process.

Job Configuration

The final step is to create a Job based on the Flow template created earlier. For this, we select our Flow template on the Templates page, then choose File > Create Job from the menu. When adding a new target to test during Job configuration, we can see that the Session Variables configuration section allows configuring the Token we defined. Even better, we can define a different token to be used for each target added to the Job configuration.
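
The following is an added example, not FuzzLabs code or its template format: a standalone Python sketch of what the ${token} reference resolves to for each target, with a pre-flight check that every manually entered token matches the RFC 6750 b64token grammar before it is placed in the Authorization header. The host names, request path, sample tokens and function names are constructed assumptions.

```python
import re
from string import Template

# RFC 6750 section 2.1:
#   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Constructed request; ${token} mirrors the reference in the Authorization header.
REQUEST_TEMPLATE = Template(
    "GET /api/items HTTP/1.1\r\n"
    "Host: ${host}\r\n"
    "Authorization: Bearer ${token}\r\n"
    "Connection: close\r\n"
    "\r\n"
)

# Constructed per-target tokens, as they might be typed into a job configuration.
SAMPLE_TARGETS = {
    "api-a.example.test": "mF_9.B5f-4.1JqM",    # well-formed
    "api-b.example.test": "mF_9.B5f-4.1JqM\n",  # trailing newline from copy-paste
    "api-c.example.test": "Bearer abc123",      # scheme pasted along with the token
}

def validate_token(token: str) -> str:
    """Return the token unchanged if it is a valid b64token, else raise ValueError."""
    # fullmatch rejects whitespace and CR/LF, so the header cannot be split.
    if not B64TOKEN.fullmatch(token):
        raise ValueError("token is not a valid RFC 6750 b64token")
    return token

def render_request(host: str, token: str) -> bytes:
    """Substitute one target's values into the template and return the raw request."""
    text = REQUEST_TEMPLATE.substitute(host=host, token=validate_token(token))
    return text.encode("ascii")

def render_for_targets(targets: dict) -> tuple:
    """Render one request per target; collect rejected tokens instead of using them."""
    rendered, rejected = {}, {}
    for host, token in targets.items():
        try:
            rendered[host] = render_request(host, token)
        except ValueError as exc:
            rejected[host] = str(exc)
    return rendered, rejected

if __name__ == "__main__":
    ok, bad = render_for_targets(SAMPLE_TARGETS)
    print("rendered:", sorted(ok), "rejected:", sorted(bad))
```

A token rejected here would otherwise produce a malformed Authorization header on every test case sent to that target, which can make results look like authentication failures rather than findings.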
