Posts

Showing posts with the label API Pentesting

API Authentication - Attacking Token ( Part - 4 ) | Shahul Hameed

Attacking Token via Sequencer

Step 1: Log in to the application and retrieve the token value from the response header (for example a Set-Cookie or Authorization header).
Step 2: Send the request to Burp Sequencer. Before clicking "Start live capture", configure the settings as shown in the images below.
Step 3: Highlight the token value in the response so that Sequencer samples only the token, not the surrounding response.
Step 4: After enough samples have been captured, click "Analyze now" to estimate the randomness of the token.
Step 5: Apply decoding techniques to the token (Base64, hex, JWT) and inspect what it contains: a token that decodes to readable data, or that has static or predictable parts, is a candidate for tampering or prediction.
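Added example, not code from the original post: a Python script covering the offline part of steps 4 and 5. It decodes a token (JWT, hex or Base64) and runs a crude per-position entropy check over a set of captured tokens, which is the kind of character-position weakness Sequencer reports. The token values are constructed for the demonstration; the alg=none JWT builder only exists to produce a sample to decode.

```python
import base64
import binascii
import json
import math
import re
from collections import Counter

# Constructed sample tokens (not captured from any real application).
# The first four characters never change and the last four vary, which
# mimics a token with a static, guessable prefix.
SAMPLE_TOKENS = [
    "AB12x9Qk", "AB12p3Lm", "AB12z0Tr",
    "AB12q7Ws", "AB12n5Hv", "AB12k2Jd",
]


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build a constructed alg=none JWT, used only as sample input here."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def guess_encoding(token: str):
    """Return (kind, decoded): kind is 'jwt', 'hex', 'base64' or 'opaque'."""
    parts = token.split(".")
    if len(parts) == 3:
        try:
            header = json.loads(_b64url_decode(parts[0]))
            payload = json.loads(_b64url_decode(parts[1]))
            if isinstance(header, dict) and "alg" in header:
                return "jwt", {"header": header, "payload": payload,
                               "signature": parts[2]}
        except (ValueError, binascii.Error):
            pass
    # Hex is checked before Base64 because every hex string is also valid Base64.
    if re.fullmatch(r"[0-9a-fA-F]+", token) and len(token) % 2 == 0:
        return "hex", bytes.fromhex(token)
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", token) and len(token) % 4 == 0:
        try:
            raw = base64.b64decode(token, validate=True)
            if all(0x20 <= b < 0x7F for b in raw):  # only accept printable output
                return "base64", raw
        except binascii.Error:
            pass
    return "opaque", None


def position_entropy(tokens):
    """Shannon entropy in bits of the character at each position across tokens."""
    length = min(len(t) for t in tokens)
    result = []
    for i in range(length):
        counts = Counter(t[i] for t in tokens)
        total = sum(counts.values())
        result.append(-sum(c / total * math.log2(c / total)
                           for c in counts.values()))
    return result


def fixed_positions(tokens):
    """Positions whose character never changes: zero entropy, fully predictable."""
    return [i for i, h in enumerate(position_entropy(tokens)) if h == 0.0]


if __name__ == "__main__":
    samples = ["c2Vzc2lvbj0xMjM0NQ==", "48656c6c6f",
               make_unsigned_jwt({"sub": "1234", "role": "user"})]
    for tok in samples:
        print(tok, "->", guess_encoding(tok))
    print("entropy per position:",
          [round(h, 2) for h in position_entropy(SAMPLE_TOKENS)])
    print("fixed positions:", fixed_positions(SAMPLE_TOKENS))
```

Six samples are far too few for a real verdict; Sequencer asks for hundreds or thousands, and the same applies here. The value of the script is in the shape of the result: zero-entropy positions and a token that decodes to readable fields are the findings to chase.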

API Enumeration - Endpoints Fuzzing ( Part - 3 ) | Shahul Hameed

API Enumeration - Fuzzing

The following endpoint paths can be tested by fuzzing.
Examples of endpoint segments: v2, resources, books, published, or 1993

Command 1 (fuzz a query parameter value, showing only responses with status 200):
wfuzz -c -z file,/usr/share/wordlists/dirb/common.txt --sc 200 'http://www.example.com/api/v1/books?show=FUZZ'

Command 2 (brute-force paths on the host):
gobuster dir -w /usr/share/wordlists/dirb/common.txt -u http://<IP>

API enumeration via source code discovery
Find the endpoints in the client-side source code (JavaScript) via the browser.
Note: JS code formatter: https://beautifier.io/

Thank you :) See you in the next topic...
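Added example, not code from the original post: a Python script for the source code discovery step. It pulls quoted and template-literal paths out of a JavaScript bundle, splits off query parameters, and turns the path segments and parameter names into a wordlist that feeds the wfuzz and gobuster commands above. The JavaScript is constructed to stand in for a bundle copied from the browser and run through a formatter.

```python
import re

# Constructed JavaScript, not from any real site, standing in for an
# application bundle taken from the browser's Sources/Debugger tab.
SAMPLE_JS = """
const API = "/api/v1";
fetch(API + "/books?show=published");
axios.get("/api/v2/resources/" + id);
$.ajax({url: '/api/v1/books/1993', method: 'DELETE'});
const login = `${API}/auth/login`;
window.location = "https://cdn.example.com/static/app.js";
"""

# A quoted string that starts with "/" (absolute URLs are skipped on purpose).
QUOTED_PATH = re.compile(r"""["'`](/[A-Za-z0-9_.~/?=&%{}:$-]*)["'`]""")
# A path that follows a template-literal variable, e.g. `${API}/auth/login`.
TEMPLATE_PATH = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*\}(/[A-Za-z0-9_.~/?=&%-]*)")


def extract_paths(js: str):
    """All path-like strings in the bundle, in order of appearance, deduplicated."""
    found = [m.group(1) for m in QUOTED_PATH.finditer(js)]
    found += [m.group(1) for m in TEMPLATE_PATH.finditer(js)]
    seen, out = set(), []
    for p in found:
        if p not in seen:
            seen.add(p)
            out.append(p)
    return out


def split_endpoint(path: str):
    """Split '/a/b?x=1&y' into ('/a/b', {'x': '1', 'y': ''})."""
    base, _, query = path.partition("?")
    params = {}
    for kv in query.split("&"):
        if kv:
            key, _, value = kv.partition("=")
            params[key] = value
    return base.rstrip("/") or "/", params


def normalize_ids(path: str) -> str:
    """Replace purely numeric segments with {id} so /books/1993 and /books/2001 collapse."""
    base, _ = split_endpoint(path)
    return "/".join("{id}" if seg.isdigit() else seg for seg in base.split("/"))


def wordlist(paths):
    """Unique path segments, parameter names and values, ready for FUZZ."""
    words = set()
    for p in paths:
        base, params = split_endpoint(p)
        words.update(seg for seg in base.split("/") if seg)
        for key, value in params.items():
            words.add(key)
            if value:
                words.add(value)
    return sorted(words)


if __name__ == "__main__":
    paths = extract_paths(SAMPLE_JS)
    for p in paths:
        print(p, "->", normalize_ids(p))
    print("wordlist:", " ".join(wordlist(paths)))
```

Fragments such as "/books?show=published" are concatenated to a prefix at runtime, so they appear as relative pieces; prefix them with each discovered base ("/api/v1", "/api/v2") before fuzzing, and feed the wordlist to the -z/-w options above rather than relying on common.txt alone.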

Interaction with API Endpoints Manipulation ( Part - 2 ) | Shahul Hameed

Interaction with API Endpoints Manipulation

Testing Scope: https://catfact.ninja/#/Facts

There are several ways to validate the endpoints:
1. Browser
2. Burp Suite
3. Postman
4. Curl command
Note: choose the tool based on your situation.

Query: returns a random fact, limited by the MAX_LENGTH parameter.

API endpoint validation via browser: send the request from the web browser and inspect the response.
API endpoint validation via Burp Suite:
Positive case: we provide the expected input in the parameter.
Negative case: we provide unexpected input in the parameter (e.g. input: -1) and verify whether the application handles the error properly, or instead returns a server error or leaks exception details.
API endpoint validation via Postman
API endpoint validation via curl command

Thank you :) See you in the next topic...
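Added example, not code from the original post: a Python probe that sends the positive case and several negative cases for the max_length parameter and classifies each response the way the text describes (handled error, server error, leaked exception, or an invalid value silently accepted). The request format GET /fact?max_length=N is taken from the public catfact.ninja documentation and is an assumption of this example; the fake responder and its responses are constructed so the script runs offline, and live_send is the drop-in for the real endpoint.

```python
import json
import re
import urllib.error
import urllib.request

# Endpoint from the page's testing scope; request format assumed from its public docs.
BASE_URL = "https://catfact.ninja/fact"

# Strings that commonly appear when an exception reaches the client unhandled.
LEAK_PATTERNS = re.compile(
    r"Traceback|Exception|stack trace|SQLSTATE|ORA-\d{5}|at [\w$.]+\([\w.]+:\d+\)",
    re.IGNORECASE,
)


def build_url(max_length) -> str:
    return f"{BASE_URL}?max_length={max_length}"


def is_valid_input(value) -> bool:
    """The positive case: a non-negative integer. Everything else is a negative case."""
    return isinstance(value, int) and value >= 0


def classify(value, status: int, body: str) -> str:
    """Classify one response: ok, limit_ignored, accepted_invalid,
    error_handled, error_leak, server_error or unexpected."""
    leak = bool(LEAK_PATTERNS.search(body))
    if status >= 500:
        return "error_leak" if leak else "server_error"
    if 400 <= status < 500:
        return "error_leak" if leak else "error_handled"
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "unexpected"
        fact = data.get("fact") if isinstance(data, dict) else None
        if not isinstance(fact, str):
            return "unexpected"
        if not is_valid_input(value):
            return "accepted_invalid"   # negative input treated as valid
        return "ok" if len(fact) <= value else "limit_ignored"
    return "unexpected"


def probe(send, cases=(50, -1, "abc", 10**9)):
    """Run each case through send(url) -> (status, body) and classify the result."""
    return {value: classify(value, *send(build_url(value))) for value in cases}


def live_send(url):
    """Real sender for the public endpoint (network required)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode(errors="replace")


def fake_send(url):
    """Constructed responses for an offline run; not real catfact.ninja output."""
    value = url.split("max_length=")[1]
    if value == "50":
        return 200, json.dumps({"fact": "Cats sleep a lot.", "length": 17})
    if value == "-1":
        return 400, json.dumps({"message": "max_length must be >= 0"})
    if value == "abc":
        return 500, "Traceback (most recent call last): ValueError: invalid literal"
    return 200, json.dumps({"fact": "Cats purr.", "length": 10})


if __name__ == "__main__":
    for value, verdict in probe(fake_send).items():
        print(f"max_length={value!r}: {verdict}")
```

Swap fake_send for live_send to test the real endpoint. The findings worth recording are error_leak (exception text reaching the client), accepted_invalid (the API silently coerced a bad value) and limit_ignored (the parameter is parsed but not enforced).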

API Penetration Testing - What is an API ( Part 1 ) | Shahul Hameed

What is an API

An API (Application Programming Interface) is a set of protocols and tools that allows different software applications to communicate with each other, enabling them to exchange data and functionality.

Scenario: think of an API as a messenger that takes your request, tells a system what you want to do, and then returns the response to you. It is like a waiter in a restaurant. You tell the waiter (the API) what you want (your request), the waiter takes your request to the kitchen (the system), and then brings you back what you asked for (the response). So an API lets different applications talk to each other and work together, just as a waiter carries your order to the kitchen and brings you your food.

Sample graphical image

Tools Requirements
1. Burp Suite
2. Postman
3. Web Browser
4. Curl Command