Endpoint Analysis

Reverse Engineering

Proxy

Create a new Postman collection and enable proxy (postman interceptor extension).

Browse through the site, manually discard the non-API endpoints, and then save the remaining requests under the desired collection.

Mitmweb

Launch mitmiweb, proxy traffic to 8080, and use the web application as intented.

mitmweb
(trapped) error reading bcrypt version
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 619, in _load_backend_mixin
    version = _bcrypt.__about__.__version__
              ^^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt' has no attribute '__about__'
[08:29:57.864] HTTP(S) proxy listening at *:8080.
[08:29:57.866] Web server listening at http://127.0.0.1:8081/
MESA: error: ZINK: failed to choose pdev
glx: failed to create drisw screen
failed to load driver: zink

From mitiweb's interface (8081) save the file.

Using APIs and Excessive Data Exposure

PreviousRecon NextFinding Security Misconfigurations

Last updated 1 year ago