Is there a way to reverse-engineer a private RESTful API?
Say I have a website that uses this API, and I was able to figure out some access point URLs of the API. Now, for those URLs, I need to figure out which JSON payload they will accept. Is there a methodical way to do this?
Reverse engineering, also called back engineering, is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. Knowing how an API actually behaves enables you to identify flaws and security vulnerabilities like accidental data leakage.
Is reverse engineering an API illegal? Yes, it is illegal, until it is public and the author has no issue with you running reverse engineering on their API.
Hackers often use reverse engineering to find vulnerabilities in systems and devices. In many cases, hackers will obtain a copy of the software or hardware they want to attack. They will disassemble it, looking for ways to bypass security features or exploit weaknesses.
Find the request that you would like to import into Postman. Select it, right click, and then select Copy as cURL. In the Postman app, click the Import button in the top left, and tab over to Paste Raw Text. Paste your cURL request here, and confirm the import.
I would look into HTTP Toolkit. It's a great tool that logs network requests including URLs, headers, body, and more. HTTP Toolkit can be used to view requests coming from a browser, terminal, JVM, Android device, etc. It's open source and works on Mac, Linux, and Windows.
For future reference, some applications to do so are:
Download, if available, an existing client/mobile app for the API you are about to investigate and look at the data the application sends and retrieves.
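The "Copy as cURL" step described above, as an added example that is not part of the original answers: it parses a copied cURL command and reduces the JSON body to field names and types, so the captured request can be documented without storing credentials or real values. `SAMPLE_CURL` is constructed, the names `parse_curl` and `shape` are hypothetical, and bash-style quoting of the copied command is assumed.

```python
import json
import shlex

# Constructed sample of a browser's "Copy as cURL" output; the host, path,
# header values and body fields are made up for illustration.
SAMPLE_CURL = r"""curl 'https://api.example.test/v1/orders' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer PLACEHOLDER_TOKEN' \
  --data-raw '{"customer":{"id":42,"email":"a@example.test"},"items":[{"sku":"X1","qty":2}],"gift":false,"note":null}'"""

BODY_FLAGS = {"-d", "--data", "--data-raw", "--data-binary"}
SENSITIVE = {"authorization", "cookie", "x-api-key"}


def parse_curl(command):
    """Split a copied cURL command into method, URL, headers and JSON body."""
    # Join the backslash-newline continuations, then tokenize like a shell.
    tokens = iter(shlex.split(command.replace("\\\n", " "))[1:])
    req = {"method": None, "url": None, "headers": {}, "body": None}
    for tok in tokens:
        if tok in ("-X", "--request"):
            req["method"] = next(tokens)
        elif tok in ("-H", "--header"):
            name, _, value = next(tokens).partition(":")
            name = name.strip()
            # Redact credentials so the recorded request is safe to share.
            secret = name.lower() in SENSITIVE
            req["headers"][name] = "<redacted>" if secret else value.strip()
        elif tok in BODY_FLAGS:
            req["body"] = json.loads(next(tokens))
        elif not tok.startswith("-"):
            req["url"] = tok  # value-less flags such as --compressed are skipped
    if req["method"] is None:
        # curl switches to POST when a body is supplied without -X.
        req["method"] = "POST" if req["body"] is not None else "GET"
    return req


def shape(value):
    """Replace every leaf with its JSON type name, keeping the structure."""
    if isinstance(value, dict):
        return {key: shape(val) for key, val in value.items()}
    if isinstance(value, list):
        return [shape(value[0])] if value else []  # first element stands for all
    if isinstance(value, bool):  # checked before int: bool is a subclass of int
        return "boolean"
    if value is None:
        return "null"
    return {str: "string", int: "integer", float: "number"}[type(value)]
```

Comparing the `shape` output of several captured requests to the same URL shows which fields are always present and which are optional.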