
Howto Reverse-Engineer a REST-Webservice

I'm currently trying to reverse-engineer a private REST-Webservice, which lacks documentation. The only thing I know about it is that it's written in PHP, using the ZendFramework. Is there any simple way of finding out which actions are allowed and which parameters I have to supply to make the service work correctly?

Greets, Rob

Robert Heine asked Jul 26 '11 13:07




1 Answer

You can use a network analyzer tool like Wireshark to capture the data sent on the network. Read more about it on the Wireshark site.

For example, I hit a login web service; the data captured by Wireshark is as follows: [screenshot]

In the above image you can see the data sent on the HTTP protocol:

1.) method POST

2.) Under MIME info for example

Content-Disposition: form-data; name="phoneNumber"\r\n\r\n

The name of the parameter is phoneNumber.

===========UPDATE==============

Here you can see the data captured by fiddle:

1.) Click on the GO button; after that it starts capturing requests. [screenshot]

Rohit Dhiman answered Oct 06 '22 18:10
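
Added example, not part of the original answer: once a request has been captured as described above, the method, path and parameter names can be read out of the raw bytes with Python's standard library instead of by eye. The sample request, host, path and the "pin" field are constructed for illustration (only phoneNumber comes from the answer), and the function goes slightly beyond the multipart case shown by also handling URL-encoded bodies.

```python
from email.parser import BytesParser
from email.policy import HTTP
from urllib.parse import parse_qsl

# Constructed sample: a raw POST as it might be copied out of a capture tool.
# Host, path, boundary and the "pin" field are made up for this example.
CAPTURED = (
    b"POST /api/login HTTP/1.1\r\n"
    b"Host: service.example\r\n"
    b"Content-Type: multipart/form-data; boundary=XyZ123\r\n"
    b"\r\n"
    b"--XyZ123\r\n"
    b'Content-Disposition: form-data; name="phoneNumber"\r\n'
    b"\r\n"
    b"5550100\r\n"
    b"--XyZ123\r\n"
    b'Content-Disposition: form-data; name="pin"\r\n'
    b"\r\n"
    b"0000\r\n"
    b"--XyZ123--\r\n"
)


def describe_request(raw: bytes) -> dict:
    """Return the method, path and body parameter names of one captured request."""
    request_line, _, rest = raw.partition(b"\r\n")
    method, path, _version = request_line.decode("ascii").split(" ", 2)
    # Everything after the request line is headers plus body, i.e. a MIME
    # message, so the stdlib email parser can split a multipart body for us.
    msg = BytesParser(policy=HTTP).parsebytes(rest)
    ctype = msg.get_content_type()
    params = []
    if ctype == "multipart/form-data":
        for part in msg.iter_parts():
            # Each part names its field in the Content-Disposition header.
            name = part.get_param("name", header="content-disposition")
            if name is not None:
                params.append(name)
    elif ctype == "application/x-www-form-urlencoded":
        body = msg.get_payload(decode=True).decode("utf-8", "replace")
        params = [key for key, _ in parse_qsl(body, keep_blank_values=True)]
    return {"method": method, "path": path, "params": params}


if __name__ == "__main__":
    print(describe_request(CAPTURED))
```
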