Abhishek Meena
Oct 26, 10 tweets, 4 min read
API-Security-Tips🌵

Old version of API tend to be more vulnerable

Saw a call to api/v3/login? Check whether api/v1/login exists as well. It might be more vulnerable.

#cybersecurity #hacking #bugbounty #bugbountytips #infosec #APIsecurity

API TIP: 1/10👇🏿✔
Never assume there’s only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: /api/mobile/login | /api/v3/login | /api/magic_link, etc.

Find and test all of them for AuthN problems.

API TIP: 2/10👇🏿✔
SQL injections used to be extremely common 5-10 years ago, and you could break almost every company with them.

BOLA (IDOR) is the new epidemic of API security.

As a pentester, if you understand how to exploit it, your glory is guaranteed.

medium.com/@inonst/a-deep…

API TIP: 3/10👇🏿✔
Testing a Ruby on Rails App & noticed an HTTP parameter containing a URL?

Developers sometimes use the "Kernel#open" function to access URLs == Game Over.

Just send a pipe as the first character and then a shell command (Command Injection by design).
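The Kernel#open pattern beside its hardened replacement, as an added example (not code from the thread or from @traceableai): the safe version parses the parameter as a URI, allows only http/https, and fetches through URI.open, which never spawns a process. The function names are my own.

```ruby
require "uri"
require "open-uri"

# Vulnerable pattern (shown for illustration; never call it with untrusted input):
# Kernel#open treats a leading "|" as "run this command and read its output".
def fetch_unsafe(target)
  open(target, &:read)
end

# Hardened replacement: parse the value as a URI, allow only http/https,
# and hand it to URI.open (an HTTP fetch) instead of Kernel#open.
ALLOWED_SCHEMES = %w[http https].freeze

def validate_url(target)
  uri = URI.parse(target.to_s)
  raise ArgumentError, "only http(s) URLs are accepted" unless ALLOWED_SCHEMES.include?(uri.scheme)
  raise ArgumentError, "URL must have a host" if uri.host.nil? || uri.host.empty?
  uri
rescue URI::InvalidURIError
  # "|id", "foo bar" and similar are not URIs at all; reject them the same way.
  raise ArgumentError, "malformed URL"
end

def fetch_safe(target)
  uri = validate_url(target)
  uri.open(&:read) # OpenURI::OpenRead#open: HTTP(S) only, no shell involved
end
```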

API TIP: 4/10👇🏿✔
Found SSRF? use it for:

Internal port scanning
Leverage cloud services (like 169.254.169.254)
Use webhook.site to reveal IP address & HTTP library
Download a very large file (Layer 7 DoS)
Reflective SSRF? Disclose local mgmt consoles

API TIP: 5/10👇🏿✔
Mass Assignment is a real thing.

Modern frameworks encourage developers to use MA (mass assignment) without understanding the security implications.

During exploitation, don't guess the object's property names; simply find a GET endpoint that returns all of them.
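Mass assignment in plain Ruby, vulnerable form beside the allowlisted form, as an added example (not code from the thread or from @traceableai). The User class and attribute names are constructed; the hardened version follows the same idea as Rails strong parameters, so a disclosed property name such as "role" does the client no good.

```ruby
# Constructed model for the example; a real app would use ActiveRecord.
class User
  attr_accessor :name, :email, :role

  def initialize
    @role = "member" # default; must never be settable by the client
  end
end

# Vulnerable: every key in the request body becomes a setter call, so a client
# that adds "role": "admin" to the JSON promotes itself.
def assign_unsafe(user, attrs)
  attrs.each do |key, value|
    user.public_send("#{key}=", value) if user.respond_to?("#{key}=")
  end
  user
end

# Hardened: an explicit allowlist of client-settable attributes, the same idea
# as Rails strong parameters (params.require(:user).permit(:name, :email)).
PERMITTED_USER_ATTRS = %w[name email].freeze

def assign_safe(user, attrs)
  rejected = attrs.keys.map(&:to_s) - PERMITTED_USER_ATTRS
  warn "dropped unpermitted attributes: #{rejected.join(', ')}" unless rejected.empty?
  attrs.each do |key, value|
    next unless PERMITTED_USER_ATTRS.include?(key.to_s)
    user.public_send("#{key}=", value)
  end
  user
end
```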

API TIP: 6/10👇🏿✔
A company exposes an API for developers?

This is not the same API which is used by mobile / web application.

Always test them separately.

Don't assume they implement the same security mechanisms.

API TIP: 7/10👇🏿✔
Pentest for REST API?

Give it a chance and check whether the API also supports SOAP.

Change the content-type to "application/xml", add a simple XML in the request body, and see how the API handles it.

API TIP: 8/10 👇🏿✔
Pentest for APIs?

Trying to find BOLA (IDOR) vulnerabilities?

IDs in the HTTP bodies/headers tend to be more vulnerable than IDs in URLs. Try to focus on them first.
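An object-level authorization check for an ID that arrives in the request body, covering the BOLA points in tips 2 and 8, as an added example (not code from the thread or from @traceableai). The in-memory document store, user ids and handler names are constructed.

```ruby
require "json"

# Constructed in-memory store: each document records its owner.
DOCUMENTS = {
  101 => { owner_id: 1, title: "alice's notes" },
  202 => { owner_id: 2, title: "bob's invoice" },
}.freeze

class Forbidden < StandardError; end
class NotFound < StandardError; end

# Vulnerable: the handler trusts the document_id from the JSON body and only
# checks that the caller is logged in, not that the caller owns the object.
def fetch_document_unsafe(current_user_id, body_json)
  raise Forbidden, "login required" if current_user_id.nil?
  doc = DOCUMENTS[JSON.parse(body_json)["document_id"]]
  raise NotFound unless doc
  doc
end

# Hardened: object-level authorization on every lookup. The id is untrusted
# wherever it arrives (URL, body or header), so the ownership check is the same.
def fetch_document_safe(current_user_id, body_json)
  raise Forbidden, "login required" if current_user_id.nil?
  id = Integer(JSON.parse(body_json)["document_id"], exception: false)
  doc = id && DOCUMENTS[id]
  # Same error for "does not exist" and "not yours", so the endpoint does not
  # confirm which ids exist.
  raise NotFound unless doc && doc[:owner_id] == current_user_id
  doc
end
```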

API TIP: 9/10👇🏿✔
The API uses Authorization header?

Forget about CSRF! If the authentication mechanism doesn't support cookies, the API is protected against CSRF by design.

API TIP: 10/10👇🏿✔
Thank you for reading this thread.
All credit goes to
@traceableai

Please follow if you like.
