Hacking APIs: Difference between revisions

From Enlace Hacktivista
== Labs ==

Previous revision:
* [https://academy.hackthebox.com/course/preview/web-service--api-attacks Web Service & API Attacks] [Paid]
* [https://tryhackme.com/room/owaspapisecuritytop105w OWASP API Security Top 10 - 1] [Paid]
** [https://tryhackme.com/room/owaspapisecuritytop10d0 OWASP API Security Top 10 - 2] [Paid]

Revision as of 17:26, 7 August 2023 (platform names added to each lab):
* HackTheBox (HTB) Academy: [https://academy.hackthebox.com/course/preview/web-service--api-attacks Web Service & API Attacks] [Paid]
* TryHackMe (THM): [https://tryhackme.com/room/owaspapisecuritytop105w OWASP API Security Top 10 - 1] [Paid]
** TryHackMe (THM): [https://tryhackme.com/room/owaspapisecuritytop10d0 OWASP API Security Top 10 - 2] [Paid]


== Prerequisite reading ==

Revision as of 17:26, 7 August 2023

Labs

Prerequisite reading

Tools

Fuzzing

Wordlists

  • Web API-specific wordlists (Assetnote / Kiterunner; see Fuzzing):
  1. https://wordlists-cdn.assetnote.io/rawdata/kiterunner/routes-large.json.tar.gz
  2. https://wordlists-cdn.assetnote.io/data/kiterunner/routes-large.kite.tar.gz
  3. https://wordlists-cdn.assetnote.io/rawdata/kiterunner/routes-small.json.tar.gz
  4. https://wordlists-cdn.assetnote.io/data/kiterunner/routes-small.kite.tar.gz
  5. https://wordlists-cdn.assetnote.io/rawdata/kiterunner/swagger-files.tar
  6. https://wordlists-cdn.assetnote.io/data/kiterunner/swagger-wordlist.txt

Intercepting proxies

These let you view, edit, and replay HTTP requests and responses, and are extremely useful for finding vulnerabilities in web, mobile and API applications.