Mindmap
{{Recon}}
  - API Version Discovery: V1, V2, V3
  - Import the API environment, documentation and collections etc.
  - Manipulate the request headers and monitor the server's actions in response to the manipulations
  - Run the JavaScript scans to analyze JavaScript files in order to understand the API infrastructure
  - Authentication / Authorization methods
    - Cookie based (non-standard)
    - Header based (standard) Authentication & Authorization
    - JWT (JSON Web Token)
  - Endpoints (those which require authentication and others that are publicly accessible)
  - Objects
  - Methods / Actions
  - Fuzzing points
    - Encrypted value
    - Arbitrary value to save the user's state
    - Identification handlers
    - Encoded Serialized value
    - Encrypted Serialized value
    - Objects
  - Fuzzing
    - FFUF
    - SecLists
  - Link it with Burp in order to extend your sitemap range
  - Weaponizing