Evade IP blocking by using residential proxies

Learn how to use upstream residential and mobile proxies in Burp Suite to evade IP blocking during your API security testing. The post Evade IP blocking by using residential proxies appeared first ...
This Bug Got Me A $30,000 Bounty

From Exploit to Extraction: Data Exfil in Blind RCE Attacks

Learn how to write exploits that take advantage of blind command injection vulnerabilities using a time-delayed boolean oracle attack. The post From Exploit to Extraction: Data Exfil in Blind RCE Attacks appeared ...
Attacking APIs using JSON Injection

Learn how to use JSON injection to manipulate API payloads to control the flow of data and business logic within an API. The post Attacking APIs using JSON Injection appeared first on ...
Hacking Modern Android Mobile Apps & APIs with Burp Suite

Learn how to set up your hacking environment to attack mobile apps & APIs running on modern versions of Android with Burp Suite. The post Hacking Modern Android Mobile Apps & APIs ...
Why the X-Bug-Bounty Header Matters for Hackers

Learn why the X-Bug-Bounty custom HTTP header can be helpful during your bug bounty engagements with a target. The post Why the X-Bug-Bounty Header Matters for Hackers appeared first on Dana Epp's ...
Detecting new API endpoints with oasdiff

Gain a competitive edge over other security researchers by detecting changes to APIs before others even know about them by using oasdiff. The post Detecting new API endpoints with oasdiff appeared first ...
Mapping Attack Patterns to your Threat Model

Learn how to map MITRE CAPEC attack patterns to STRIDE threat model categories and improve your approach to security testing. The post Mapping Attack Patterns to your Threat Model appeared first on ...
Covert Data Exfiltration via JSON in an API

Learn how to conduct covert data exfiltration within JSON payloads of an API response. The post Covert Data Exfiltration via JSON in an API appeared first on Dana Epp's Blog ...
Finding hidden API parameters

Learn how to use Param Miner to find hidden parameters that may help manipulate an API in unintended ways, revealing potential security flaws. The post Finding hidden API parameters appeared first on ...
Weaponizing API discovery metadata

Learn how to weaponize API discovery metadata to improve your recon of the APIs you are hacking or conducting security testing on. The post Weaponizing API discovery metadata appeared first on Dana ...