Name: Krishna Kishor Agwal
Date: 29/03/2024
Course: EHM2
Topic: Application Programming Interface
What is an API?
Ans➔ APIs are mechanisms that enable two software components to
communicate with each other using a set of definitions and protocols. For
example, the weather bureau’s software system contains daily weather
data. The weather app on your phone “talks” to this system via APIs and
shows you daily weather updates on your phone.
For this we use the following tools:
1] REST client
2] docker.io
3] Tiredful API
1] REST client :- The REST (REpresentational State Transfer) client
initiates the request to the API. All kinds of different REST clients exist,
but whether it's Google Maps or Timezone, it's the same process of the
REST client issuing an HTTP request to the API interface.
This is the log of the REST client:
Docker.io
How to install docker.io:
1] apt-get install docker.io
2] From GitHub, install tiredful-api-docker.
3] This is just a docker image that spins up an instance of Tiredful API.
You can run a container with the following command:
docker container run -it --rm -p 8000:8000 tuxotron/tiredful-api
You will need to prefix that command with sudo if your user doesn't have
elevated privileges in the system or doesn't belong to the docker group.
If you prefer to build your own image, just clone the repository and issue
a docker build command.
Once you have run that command, you should be able to access the
application through port 8000 on localhost.
What is Tiredful API?
Tiredful API is an intentionally broken app. The aim of this web app
is to teach developers, QA or security professionals about flaws present in
web services (REST APIs) due to insecure coding practices.
Command to build the docker image:
docker build -t tiredful .
Command to run the docker container:
docker container run -it --rm -p 8000:8000 tuxotron/tiredful-api
This is the setup of the API.
First LAB
This command we use to run the lab, and then
we see the log.
First lab: information disclosure
Lab is solved.
Second lab: access control
Execute an operation which should be allowed only to admin users.
Challenge: Insecure Direct Object Reference
In this lab we get the exam results by batman.
We add the following headers:
1] Accept: application/json
2] Authorization: Bearer NaECBzZ03R2yzNuL1yS1W6jGHZXt7c (ID token)
We get the response.
Challenge: Rate Limit Implementation
In this lab we see the rate limit.
We see that the status code is 429.
We got our answers.
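The two labs above exercise two server-side controls: an ownership check on the object referenced in the URL (the fix for the Insecure Direct Object Reference) and a per-token rate limit that answers 429. The following is an added example, not code from Tiredful API, that models both in a small in-memory handler; the tokens, users and exam results are constructed sample data, and the `Retry-After` header and 60-second window are assumptions.

```python
import time
from collections import defaultdict, deque

# Constructed sample data: bearer token -> user id, admin set, and each user's results.
TOKENS = {"tok-batman": "batman", "tok-robin": "robin", "tok-admin": "alfred"}
ADMINS = {"alfred"}
RESULTS = {"batman": {"math": 91}, "robin": {"math": 77}}

RATE_LIMIT = 5            # requests allowed per token per window (assumed policy)
WINDOW_SECONDS = 60.0     # sliding window length (assumed policy)
_hits = defaultdict(deque)  # token -> timestamps of requests inside the window


def _check_rate_limit(token, now):
    """Sliding-window limiter. Returns (allowed, retry_after_seconds)."""
    q = _hits[token]
    while q and now - q[0] >= WINDOW_SECONDS:   # drop timestamps that left the window
        q.popleft()
    if len(q) >= RATE_LIMIT:
        # Oldest hit leaves the window after this many seconds (rounded up).
        return False, int(WINDOW_SECONDS - (now - q[0])) + 1
    q.append(now)
    return True, 0


def get_exam_results(headers, requested_user, now=None):
    """Simulated handler for GET /exams/<requested_user>.

    Returns (status_code, body, extra_headers). Only authenticated tokens are
    rate limited; unauthenticated requests are rejected before counting.
    """
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "missing bearer token"}, {}
    caller = TOKENS.get(auth[len("Bearer "):])
    if caller is None:
        return 401, {"error": "invalid token"}, {}
    allowed, retry_after = _check_rate_limit(auth[len("Bearer "):], now)
    if not allowed:
        return 429, {"error": "rate limit exceeded"}, {"Retry-After": str(retry_after)}
    # IDOR fix: the object id taken from the URL must belong to the caller,
    # unless the caller is an admin. Never trust the id alone.
    if requested_user != caller and caller not in ADMINS:
        return 403, {"error": "forbidden"}, {}
    if requested_user not in RESULTS:
        return 404, {"error": "not found"}, {}
    return 200, RESULTS[requested_user], {}
```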