长江提示词
CC0 2026 长江提示词

Bug Bounty Scope Platform Cyber Hunter Lab

@ticarollamas-arch
June 10, 2026 at 03:15 PM
DevOps

Content

You are a Senior Software Architect specializing in Site Reliability Engineering (SRE) and Dynamic Application Security Testing (DAST). Your task is to design and implement a production-ready Python framework that performs robustness analysis and business rule validation against REST APIs and web endpoints.

**Core Objective:**
Build an intelligent testing engine that identifies structural logic failures across three high-impact vulnerability categories (equivalent to High and Critical severity business rule violations):

1. **Access Control & Context Bypass Failures** (e.g., Broken Object Level Authorization - BOLA)
2. **Business Logic Inversions & Anomalies** (e.g., mathematical parameter manipulation, billing flow exploitation, Content-Type format switching like YAML/JSON injection)
3. **Infrastructure Resilience Failures** (e.g., unhandled runtime exceptions causing service interruption)

**Architecture Requirements:**

**1. INTELLIGENCE COMPONENT (Scenario Analysis Engine):**
Create a structured function that:
- Accepts application route mappings as input
- Dynamically generates an edge case test matrix using parameter mutation logic
- Focuses on semantic anomalies: type inversions, numerical value reversals, data format coercion, and parameter boundary violations (not just path traversal)
- Returns actionable test cases with specific payloads, expected vs. anomalous behaviors, and impact classifications
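One way to realize the scenario analysis engine described above, as an added example that is not part of the original prompt or of any project it names: a route mapping (method, path, declared parameter types) is expanded into a test matrix of semantic mutations, with each case carrying the expected rejection, the anomalous outcome that would indicate a validation or resilience failure, and an impact class. The `ROUTES` table, the parameter types and the mutation catalogue are constructed assumptions; the function only builds cases and sends nothing, so it can be unit-tested against an API contract before any execution component is attached.

```python
"""Scenario analysis engine: route mapping -> edge case test matrix.

Added example (not the original page's code). ROUTES, the declared
parameter types and the mutation catalogue are constructed assumptions.
Only test cases are generated here; no HTTP traffic is produced.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Any, Dict, List, Tuple

# Constructed route mapping: "METHOD /path" -> {parameter: declared type}
ROUTES: Dict[str, Dict[str, str]] = {
    "POST /orders": {"quantity": "int", "coupon": "str", "unit_price": "float"},
    "GET /orders/{order_id}": {"order_id": "int"},
}

EXPECTED = "4xx validation error; request rejected before business logic runs"
ANOMALOUS = ("2xx (mutation accepted: business logic inversion) or "
             "5xx (unhandled exception: resilience failure)")


@dataclass(frozen=True)
class TestCase:
    route: str
    parameter: str
    category: str      # type_inversion | value_reversal | boundary | format_coercion
    payload: Any
    expected: str
    anomalous: str
    impact: str        # High | Critical


def _mutations(ptype: str) -> List[Tuple[str, Any]]:
    """Semantic mutations for a declared parameter type as (category, payload)."""
    # Type inversions that apply to every scalar parameter.
    common: List[Tuple[str, Any]] = [
        ("type_inversion", None),
        ("type_inversion", ["list-instead-of-scalar"]),
        ("type_inversion", {"object": "instead-of-scalar"}),
    ]
    per_type: Dict[str, List[Tuple[str, Any]]] = {
        "int": [
            ("value_reversal", -1),          # negative quantity / id
            ("boundary", 0),
            ("boundary", 2 ** 63),           # beyond signed 64-bit range
            ("format_coercion", "1.0"),      # float-looking string
            ("format_coercion", " 1 "),      # whitespace-padded numeral
        ],
        "str": [
            ("boundary", ""),
            ("boundary", "A" * 4096),
            ("type_inversion", 0),
            ("format_coercion", "  padded  "),
        ],
        "float": [
            ("value_reversal", -0.01),       # negative price
            ("format_coercion", "NaN"),
            ("format_coercion", "Infinity"),
            ("boundary", 1e308),
        ],
    }
    return common + per_type.get(ptype, [])


def _impact(category: str) -> str:
    # Value reversals on numeric fields touch billing flows directly.
    return "Critical" if category == "value_reversal" else "High"


def build_matrix(routes: Dict[str, Dict[str, str]]) -> List[TestCase]:
    """Expand every (route, parameter) pair into its mutation test cases."""
    cases: List[TestCase] = []
    for route, params in routes.items():
        for name, ptype in params.items():
            for category, payload in _mutations(ptype):
                cases.append(TestCase(route, name, category, payload,
                                      EXPECTED, ANOMALOUS, _impact(category)))
    return cases


def summarize(cases: List[TestCase]) -> Dict[str, int]:
    """Count generated cases per mutation category."""
    return dict(Counter(c.category for c in cases))


if __name__ == "__main__":
    matrix = build_matrix(ROUTES)
    print(f"{len(matrix)} cases:", summarize(matrix))
    for case in matrix[:5]:
        print(f"{case.route} {case.parameter}={case.payload!r} "
              f"[{case.category}/{case.impact}]")
```

Each `TestCase` is the unit the execution component would consume (route, parameter, payload) and the reporting component would render (expected vs. anomalous behaviour, impact), which keeps the three engines decoupled as the structure requirements ask.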

**2. EXECUTION COMPONENT (Real Python Interactive Console):**
Implement a real-time console using `requests` and `urllib3` with robust exception handling that:
- Accepts user input: target URL and legitimate authentication headers
- Executes actual HTTP requests based on test cases generated by the intelligence component
- Captures and displays: actual HTTP status codes (200, 401, 403, 500, etc.), exact response payload size, raw server logs, and response headers
- Includes timeout protection and connection error handling to maintain console stability
- Supports parameter mutation injection in real-time (query params, body payloads, headers)

**3. REPORTING COMPONENT:**
Generate a markdown report that includes:
- Proof-of-Concept (PoC) reproduction steps with actual requests and responses
- Severity classification (High/Critical) with business impact assessment
- Raw HTTP traffic capture (request/response pairs)
- Actionable remediation guidance

**Code Structure Requirements:**
- Modular design with clear separation: analysis engine → execution engine → reporting engine
- Production-quality error handling, logging, and state management
- Console must be reproducible in real-time with actual network calls (not mocked)
- Output format compatible with manual Burp Suite replay for verification
- All actual HTTP responses and status codes must be real, not simulated

**Delivery:**
Provide the complete, executable Python framework with all three components integrated. The system must work immediately when given a live target URL—no configuration needed beyond authentication headers. The console terminal should be a functional PoC that demonstrates real vulnerabilities with real HTTP traffic capture and high-impact business logic violations.
