This post will help you if you are testing an API, you are at the recon stage and you want to generate your own OpenAPI 3.0 documentation for your target, which you can then open as a collection in Postman to start probing for vulnerabilities. Here, we are going to use Firefox’s developer tools...
Using Kiterunner with routes-large.kite
So you’ve chosen Kiterunner as your preferred tool for fuzzing APIs ? Good for you (I’ll go into more detail about Kiterunner in a later post – stay tuned). But if you are using a virtual machine to host the linux system you use for your hacking (which I very much recommend) and installed...
Make crAPI accessible on a network
Need to practice your API hacking skills? crAPI is for you. OWASP’s completely ridiculous API (crAPI) is one of several vulnerable apps you can set up as a target on your network. You’ll find installation instructions here. But there’s a catch. Once you have successfully run through the instructions, you will have a functioning...