API Sniffing using Fiddler
API
An Application Programming Interface (API) is the contract (endpoints, message formats, request and response rules) that lets two pieces of software talk to each other. Here we will intercept Web APIs, which are mostly of two types: SOAP and REST.
SOAP is an XML-based protocol: every message is an XML envelope with an optional Header element and a mandatory Body element, normally sent to a single endpoint as an HTTP POST (often with a SOAPAction header). REST APIs use the HTTP verbs directly (GET, POST, PUT, DELETE), carry parameters in the URL and HTTP headers, and send a body (usually JSON) with POST and PUT requests.
In both cases the HTTP headers and body are what carry the data to the server across the internet, and both are fully under the control of whoever operates the client.
SNIFFING
Anyone who controls a client can route its traffic through a local proxy, read every request and response, and change headers or body values before replaying them. If your API trusts what the client sends (prices, account IDs, roles, quantities), an attacker can modify those fields and cause real damage on the server side. Fiddler is one of the tools that lets us capture and inspect API traffic this way.
1) Download Fiddler from https://www.telerik.com/download/fiddler and install it on Kali or Windows.
2) Run Fiddler as Administrator. Fiddler is a local HTTP proxy listening on 127.0.0.1:8888; on Windows it registers itself as the system proxy while capturing, otherwise point your browser at that address manually. To see HTTPS traffic, enable Tools > Options > HTTPS > "Decrypt HTTPS traffic" and accept the root certificate Fiddler installs, since without it only the CONNECT tunnels are visible.
3) (Screenshot: the Fiddler main window with the session list on the left and the Inspectors on the right.)
4) Open any URL in your browser.
5) Each request and its response appears as a session in the left pane. Select one and open the Inspectors tab; the Raw view shows the request exactly as the browser sent it, including the method, URL, headers and body.
6) You can now take that request, modify its headers and body, and replay the spoofed version.
7) To replay a request, we will use the Google Chrome plugin "Postman". (The Chrome app has since been retired; the same steps work in the Postman desktop application.)
8) You can download it from
https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop?hl=en
9) (Screenshot: the Postman request builder on first launch.)
10) Click on Request and name it anything you like.
11) Select the request type you want to spoof (GET/POST etc.) and paste the URL. Copy both from the Raw view of the captured session in Fiddler.
12) Add the headers and body from the capture and modify them according to your needs, for example a different account ID or price. Remember that values such as Content-Length must match the edited body, and that session cookies or Authorization headers copied from the capture are what make the replay look like the original user.
13) Click on Send and you will receive the response.
14) Fiddler can capture requests from Android too. I will post the tutorial on capturing requests from Android tomorrow. Keep following the blog for it.
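The following Python script is an added example and is not part of the original post or of Fiddler. It does in code what steps 5 to 13 do by hand: it parses a request copied from Fiddler's Raw view, changes a value in the body, recomputes Content-Length, and rebuilds the request for replay. It also covers both message shapes described earlier, a JSON REST request and a SOAP XML envelope. The hostnames, paths, token and request contents are constructed for illustration; the only real detail assumed from Fiddler is its default proxy address 127.0.0.1:8888. The send function is included to show how a replay reaches Fiddler but is not called, so the example runs offline.

```python
"""Parse, tamper with and rebuild raw HTTP requests as shown in Fiddler's Raw view.

Added example. The requests below are constructed samples, not real captures.
"""
import http.client
import xml.etree.ElementTree as ET


def _raw(request_line, headers, body):
    """Assemble a raw request with a correct Content-Length (sample builder)."""
    headers = dict(headers, **{"Content-Length": str(len(body.encode()))})
    head = "".join(f"{k}: {v}\r\n" for k, v in headers.items())
    return f"{request_line}\r\n{head}\r\n{body}"


# Constructed REST sample. Fiddler shows the absolute URL in the request line
# because the browser sent it to a proxy.
REST_RAW = _raw(
    "POST http://api.example.test/v1/orders HTTP/1.1",
    {"Host": "api.example.test", "Content-Type": "application/json",
     "Authorization": "Bearer abc123"},
    '{"item": "book", "qty": 1, "price": 20.0}',
)

# Constructed SOAP sample: XML envelope with Header and Body, sent as HTTP POST.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP_RAW = _raw(
    "POST http://api.example.test/soap HTTP/1.1",
    {"Host": "api.example.test", "Content-Type": "text/xml; charset=utf-8",
     "SOAPAction": '"urn:GetBalance"'},
    f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Header/><soap:Body>'
    "<GetBalance><accountId>42</accountId></GetBalance></soap:Body></soap:Envelope>",
)


def parse_raw_request(raw):
    """Split a raw request into method, target, version, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def _with_body(req, body):
    """Copy a parsed request with a new body and a matching Content-Length."""
    new = dict(req, body=body, headers=dict(req["headers"]))
    new["headers"]["Content-Length"] = str(len(body.encode()))
    return new


def tamper_json_body(req, **changes):
    """Overwrite top-level fields of a JSON body (e.g. price=0.01)."""
    import json
    data = json.loads(req["body"])
    data.update(changes)
    return _with_body(req, json.dumps(data))


def tamper_xml_text(req, tag, new_text):
    """Set the text of every element whose local name is `tag` in an XML body."""
    ET.register_namespace("soap", SOAP_NS)  # keep the soap: prefix on output
    root = ET.fromstring(req["body"])
    for el in root.iter():
        if el.tag.split("}")[-1] == tag:
            el.text = new_text
    return _with_body(req, ET.tostring(root, encoding="unicode"))


def build_raw_request(req):
    """Serialize a parsed request back to the bytes a replay would send."""
    head = f'{req["method"]} {req["target"]} {req["version"]}\r\n'
    head += "".join(f"{k}: {v}\r\n" for k, v in req["headers"].items())
    return (head + "\r\n" + req["body"]).encode()


def send_through_fiddler(req, proxy_host="127.0.0.1", proxy_port=8888):
    """Replay a plain-HTTP request via Fiddler (default 127.0.0.1:8888).

    A forward proxy expects the absolute URL in the request line, which is why
    the target from the Raw view is passed through unchanged. Not called here.
    """
    conn = http.client.HTTPConnection(proxy_host, proxy_port)
    conn.request(req["method"], req["target"], body=req["body"],
                 headers=req["headers"])
    resp = conn.getresponse()
    return resp.status, resp.read()


if __name__ == "__main__":
    order = tamper_json_body(parse_raw_request(REST_RAW), price=0.01, qty=100)
    print(build_raw_request(order).decode())
    soap = tamper_xml_text(parse_raw_request(SOAP_RAW), "accountId", "43")
    print(build_raw_request(soap).decode())
```

The tampered orders request is exactly the kind of replay step 12 produces by hand: the Authorization header still belongs to the legitimate user, only the price and quantity changed. A server that looks up the price by item on its own side and ignores the client-supplied value is unaffected; one that bills whatever arrives in the body is not.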
Always remember to use Kali for helpful purposes and not to cause harm.
Stay Safe.
Follow us on Facebook:- Facebook.com/VAPTHacker
LinkedIn:- https://www.linkedin.com/in/rohankalra97/
Twitter:- https://twitter.com/rohankalra97