3

Let's say I have an API api.example.com and I want to test all endpoints. I don't have access to documentation. How can I enumerate all the endpoints?

3
  • I'm not sure if this is on-topic here. Could you elaborate on why you think it is? Commented Apr 26, 2018 at 12:44
  • I am testing the security of an API. What I have learned is that in most APIs, some endpoints are not protected and you can have unauthorised access. Commented Apr 26, 2018 at 15:01
  • I'm assuming you were assigned this, as a pen-test? Then we should assume that an attacker can find the API endpoints. You may have to teach the customer about the problems with security-by-obscurity. Commented Apr 26, 2018 at 15:10

1 Answer

2

From the outside, there's no generic method. A site can have as many (possibly obfuscated) endpoints as they wish.
You could, however, get lucky if there is an automatically generated site-map; it might just include a list of endpoints.

From the inside, it's possible. It can be labor-intensive, depending on how the site works. If you have access to the web server configuration, you can walk through it to find the endpoints.
For an Apache webserver, start with httpd.conf.
For IIS, you'll have to open the GUI and find the sites hosted by that IIS server, then find the endpoints on them.
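
The inside-out walk through an Apache configuration described in the answer above, as an added example that is not part of the original answer: a small Python parser that lists the directives mapping URL paths, plus the Include files that still need to be walked. The sample configuration, its backend addresses and the function name `list_endpoints` are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the original post).
SAMPLE_CONF = """\
ServerName api.example.com
IncludeOptional conf.d/*.conf
<VirtualHost *:443>
    Alias /static /var/www/static
    ScriptAlias /cgi-bin/ "/usr/lib/cgi-bin/"
    ProxyPass /v1/users http://127.0.0.1:8001/users
    ProxyPass "/v1/orders" "http://127.0.0.1:8002/orders"
    <Location /admin>
        Require ip 10.0.0.0/8
    </Location>
    <LocationMatch "^/internal/.*">
        Require all denied
    </LocationMatch>
    RewriteRule ^/legacy/(.*)$ /v1/$1 [PT]
    # ProxyPass /old http://127.0.0.1:9000/
</VirtualHost>
"""

# Apache directives and sections whose first argument is a URL path or pattern.
PATH_DIRECTIVES = {"alias", "aliasmatch", "scriptalias", "scriptaliasmatch",
                   "proxypass", "proxypassmatch", "rewriterule"}
PATH_SECTIONS = {"location", "locationmatch"}
INCLUDES = {"include", "includeoptional"}

def list_endpoints(conf_text):
    """Return ([(vhost, directive, url_path)], [included file patterns])."""
    endpoints, includes, vhost = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments map nothing
        section = re.match(r"<(/?)(\w+)\s*(.*?)>$", line)
        if section:
            closing, name, arg = section.groups()
            if name.lower() == "virtualhost":
                vhost = None if closing else arg
            elif not closing and name.lower() in PATH_SECTIONS:
                endpoints.append((vhost, name, arg.strip('"')))
            continue
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if len(tokens) > 1 and tokens[0].lower() in PATH_DIRECTIVES:
            endpoints.append((vhost, tokens[0], tokens[1]))
        elif len(tokens) > 1 and tokens[0].lower() in INCLUDES:
            includes.append(tokens[1])  # walk these files as well
    return endpoints, includes
```

Routes defined inside the application behind a ProxyPass target, or in .htaccess files, do not appear in the server configuration and have to be inventoried from the application's own routing code.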
