API Hacking

  • directory-list-2.3-small.txt
  • common.txt
ffuf -u "http://10.10.200.55/api/vFUZZ/" -w directory-list-2.3-small.txt -v -c

ffuf -u "http://10.10.200.55/api/v1/resources/FUZZ?id=1" -w directory-list-2.3-small.txt -v -c

ffuf -u "http://10.10.200.55/api/v1/resources/books?FUZZ=1" -w directory-list-2.3-small.txt -v -c

ffuf -u "http://10.10.200.55/api/v1/resources/books?show=FUZZ" -w directory-list-2.3-small.txt -v -c
  • -fc: filter HTTP status code
  • -fs: filter HTTP response size