Carpa Security Book

API and Endpoint Analysis:


Active web application reconnaissance focused on API and Endpoint Analysis is crucial for uncovering potential vulnerabilities in web applications' backend services.

API and Endpoint Analysis Tools

Postman: A popular tool for API testing that allows sending HTTP requests and analyzing responses.

Swagger UI: Helps visualize and interact with API resources without writing any custom logic.

Burp Suite: Offers functionality to analyze and modify web application traffic, including API calls.

Advanced REST Client (ARC): An open-source tool for working with web APIs; offers a way to test HTTP requests.

Fiddler: A free web debugging tool for logging HTTP/S traffic.

curl -X GET http://example.com/api
# Performs a GET request to the specified API endpoint.
curl -H "Content-Type: application/json" -X POST -d '{"key1":"value1"}' http://example.com/api
# Sends a POST request with a JSON body (without the header curl would label it as form data).
curl -X PUT -d 'data' http://example.com/api/1
# Sends a PUT request to update data.
curl -H "Content-Type: application/json" -X POST -d @filename.json http://example.com/api
# Sends data from a file as a POST request.
curl -o output.html http://example.com
# Downloads and saves the output to a file.

Apigee: Provides API management and predictive analytics software.

HTTPie (CLI-based): A user-friendly HTTP client, a modern alternative to curl and wget.

http GET http://example.com/api/resource
# Fetches a resource using GET request.
http POST http://example.com/api/resource key=value
# Sends a POST request with data.
http --json POST http://example.com/api/resource name=John
# Sends a JSON POST request.
http --form POST http://example.com/api/resource name='John Doe'
# Submits form data.
http --download GET http://example.com/image.jpg
# Downloads a file.

Charles Proxy: Web debugging tool to monitor HTTP and HTTPS traffic between a client and server.

mitmproxy
# Runs the mitmproxy interactive interface.
mitmdump
# Runs mitmproxy in a non-interactive mode, dumping traffic.
mitmweb
# Runs the mitmproxy with a web-based interface.
mitmproxy -w outfile
# Records traffic to a file.
mitmproxy -r infile
# Reads traffic from a file.

Wireshark: Network protocol analyzer used for network troubleshooting and analysis.

JMeter: Application designed to load test functional behavior and measure performance of web applications.

OWASP ZAP API Scan (CLI-based): Automated scanner for finding vulnerabilities in web APIs.

zap-api-scan.py -f openapi -t http://example.com/api/swagger.json
# Scans the API defined in a Swagger definition (-f names the definition format and is required).
zap-api-scan.py -f openapi -t http://example.com/api/openapi.json
# Scans the API defined in an OpenAPI specification served over HTTP.
zap-api-scan.py -f openapi -t http://example.com/api/openapi.yaml
# The definition may also be YAML; -f still gives the format, not the file extension.
zap-api-scan.py -f openapi -t http://example.com/api/openapi.json -r report.html
# Generates an HTML report of the scan.
zap-api-scan.py -f openapi -t http://example.com/api/openapi.json -z "-config scanner.attackOnStart=true"
# Passes additional ZAP configuration parameters through to the ZAP daemon.
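As an added example (not from the Carpa book, ZAP or Swagger UI), a small Python script that does the first step a definition-driven scanner performs: it walks an OpenAPI 3 document, lists every operation as a curl command of the kind shown above, and flags operations whose effective security requirement is empty so they can be reviewed. The spec is a constructed sample; example.com and its paths are placeholders.

```python
"""Enumerate operations in an OpenAPI 3 document and flag the unauthenticated ones.
Constructed example, not code from the Carpa book; SAMPLE_SPEC is a made-up API."""
import json

# Constructed sample definition, the kind that zap-api-scan.py -f openapi consumes.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.0",
  "servers": [{"url": "http://example.com/api"}],
  "security": [{"bearerAuth": []}],
  "paths": {
    "/users": {
      "get": {"summary": "List users"},
      "post": {"summary": "Create user", "security": []}
    },
    "/users/{id}": {
      "get": {"summary": "Get user"},
      "delete": {"summary": "Delete user", "security": [{"adminKey": []}]}
    },
    "/health": {"get": {"summary": "Health check", "security": []}}
  }
}
""")

HTTP_METHODS = ("get", "post", "put", "patch", "delete", "head", "options")


def enumerate_operations(spec):
    """Return (METHOD, url, effective_security) for every operation.
    An operation-level "security" key overrides the document-level one;
    an empty list means the operation is explicitly unauthenticated."""
    base = spec.get("servers", [{"url": ""}])[0]["url"].rstrip("/")
    global_sec = spec.get("security", [])
    ops = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            if method in item:
                sec = item[method].get("security", global_sec)
                ops.append((method.upper(), base + path, sec))
    return ops


def unauthenticated_operations(spec):
    """Operations whose effective security requirement is empty: review these first."""
    return [(m, u) for m, u, sec in enumerate_operations(spec) if not sec]


def curl_commands(spec):
    """One curl invocation per operation, in the style of the cheat sheet above."""
    return [f"curl -X {m} {u}" for m, u, _ in enumerate_operations(spec)]


if __name__ == "__main__":
    for m, u in unauthenticated_operations(SAMPLE_SPEC):
        print(f"no auth required: {m} {u}")
```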

Telerik Fiddler: Captures HTTP and HTTPS traffic and logs it for the user to review.

Insomnia: A modern, beautiful, and open-source API client.

Paw (Mac Only): A full-featured HTTP client that lets you test and describe the APIs you build or consume.

Curl (CLI-based): A command-line tool for getting or sending data using URL syntax (see the curl commands above).

SoapUI: Open source tool for testing SOAP and REST APIs.

REST-Assured (Java library): Java DSL for easy testing of REST services.

Mitmproxy (CLI-based): An interactive HTTPS proxy for intercepting and modifying HTTP traffic (see the mitmproxy commands above).

RedBot: Web-based tool to check how HTTP resources are served and cached.

API Fortress: Automated API testing and monitoring platform.
