🎉 Requestly joins BrowserStack to build the future of application testing. Read more

Understanding Modify Request Body Rule (REST & GraphQL)

Kanishk Rawat
Learn how to use the Modify Request Body rule in Requestly to tweak request data, including REST and GraphQL—for testing, debugging, and development.

The Modify Request Body Rule in Requestly lets you tweak the data sent in the request body, including REST JSON payloads and GraphQL queries/mutation variables, before it’s sent to the server. This feature is crucial for developers and testers, giving them the power to simulate different situations, troubleshoot problems, and refine their web applications without having to directly change the main code.

Video Guide

Step-by-Step Guide

To fully utilize the feature, let’s walk through the setup process:

      1. Setup: Start by installing Requestly extension in your browser and navigate to the Rules section.

      1. Creating a Rule: Select the Modify Request Body option and define the conditions under which the rule should be applied.

      1. Specify Modification: Choose how you want to modify the request body, Static or Programmatic. (Programmatic is great for changing specific GraphQL variables or parts of a JSON payload.)

      1. Define Text: Enter the necessary text details based on your chosen modification method.

      1. Save and Apply: Save the rule and ensure it’s applied, then proceed to test your modifications on the target webpage.

    Options

    Below are details related to each option present on the Insert Script Rule Screen:

        • Source Condition: This condition helps identify the HTTP requests to which the rule should be applied. Users can specify conditions based on URL, Hostname, or Path using matching criteria such as Contains, Equals, Regex match, or Wildcard Match.

        • Source Filters: Further refine the Source Condition using Source Filters, accessible via the filter icon next to the Source Condition field.

        • Modify Request Body: Define how you want to modify the request body. Options include Static (replace entire body) and Programmatic (scripted edits). Works for REST payloads and GraphQL query/variables objects.

      Use Cases

      The Modify Request Body Rule offers a multitude of applications. Here are some scenarios where it proves particularly beneficial:

      Testing Form Submissions

      During development or testing phases, users can simulate various form submissions by modifying the request body. This enables thorough testing of form validation, error handling, and data processing mechanisms.

      To simulate form submissions:

          1. Create a new Modify Request Body rule .

          1. Filter the form submission request you intend to modify

          1. Adjust the request body to mimic various scenarios, such as different user inputs

          1. Submit the modified form requests.

          1. Verify the behaviour of form validation, error handling, and data processing to ensure they meet the desired requirements

        Debugging API Calls (REST & GraphQL)

        Troubleshooting issues with API calls becomes more efficient with the ability to tweak the request body on-the-fly. Developers can quickly identify and rectify issues without altering the application’s codebase.

        To debug API calls:

            1. Create a new Modify Request Body rule.

            1. Filter the API call that needs debugging

            1. If it’s GraphQL, target the /graphql endpoint and modify the “query” or “variables” fields as needed.

            1. Adjust the payloads as necessary to reproduce the issue.

            1. Submit the modified API request.

            1. Observe the response and debug any errors or unexpected behaviour encountered

          Security Testing

          By altering request parameters or payloads, security professionals can evaluate an application’s resilience to common vulnerabilities such as SQL injection or Cross-Site Scripting (XSS).

          To conduct security testing:

              1. Create a new Modify Request Body rule.

              1. Identify the endpoints or functionalities susceptible to security vulnerabilities.

              1. Inject malicious payloads to test for vulnerabilities like SQL injection or XSS.

              1. For GraphQL, try altering nested variables, unauthorized fields, or overly deep queries to probe authorization and depth limits.

              1. Submit the modified requests and observe the application’s response.

              1. Analyze how the application handles the modified requests and assess its resilience against security threats.

            Troubleshooting

            There are some cases where rules might not work as expected, visit our troubleshooting guide for more details.

            Written by
            Kanishk Rawat
            Kanishk Rawat, a tech enthusiast since childhood, has mastered programming through dedication. Whether solo or in a team, he thrives on challenges, crafting innovative solutions .

            Related posts