API Hacking Techniques Archives

Learn how to use upstream residential and mobile proxies in Burp Suite to evade IP blocking during your API security testing.

Learn how to write exploits that take advantage of blind command injection vulnerabilities using a time-delayed boolean oracle attack.

Learn how to use JSON injection to manipulate API payloads to control the flow of data and business logic within an API.

Learn how to set up your hacking environment to attack mobile apps & APIs running on modern versions of Android with Burp Suite.

Learn why the X-Bug-Bounty custom HTTP header can be helpful during your bug bounty engagements with a target.

Gain a competitive edge over other security researchers by detecting changes to APIs before others even know about them by using oasdiff.

Learn how to map MITRE CAPEC attack patterns to STRIDE threat model categories and improve your approach to security testing.

Learn how to conduct covert data exfiltration within JSON payloads of an API response.

Learn how to use Param Miner to find hidden parameters that may help manipulate an API in unintended ways, revealing potential security flaws.

Learn how to weaponize API discovery metadata to improve your recon of the APIs you are hacking or conducting security testing on.

Category: API Hacking Techniques