crAPI Lab Solutions (Api Hacking)

Aditya Chauhan

--

Intro:

crAPI (Completely Ridiculous Application Programmer Interface) is an intentionally vulnerable API built around the OWASP API Security Top 10 vulnerabilities. crAPI is meant to illustrate and educate by presenting these issues for you to discover and exploit.

lab: https://github.com/OWASP/crAPI

Challenge 1 — Access details of another user’s vehicle

To solve the challenge, you need to leak sensitive information about another user’s vehicle.

  • Since vehicle IDs are not sequential numbers, but GUIDs, you need to find a way to expose the vehicle ID of another user.
  • Find an API endpoint that receives a vehicle ID and returns information about it.

Step 1

Log in to a user account.

Step 2

After logging in, add a vehicle to the account.

Step 3

Click Contact Mechanic.

Send a service request.

Step 4

Capture the mechanic_report request.

Step 5

Send to Intruder > select the payload position.

Set payload > Numbers > Start Attack.

The responses return vehicle information belonging to other users: the report ID is a sequential number, and the endpoint never checks that the report belongs to the logged-in user.
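The weakness behind Challenge 1 is broken object level authorization (BOLA): the mechanic_report lookup trusts a guessable numeric report ID and never ties it to the caller. The following is an added example, not crAPI's own code and not the author's; it models that lookup in plain Python with a constructed in-memory store, shows the vulnerable handler beside an ownership-checked version, and counts denied lookups per caller as a simple detection signal for the enumeration the Intruder run performs. All names (ServiceReport, get_report_vulnerable, get_report_fixed, denied_lookups_per_caller) and all data are hypothetical.

```python
"""Added example (not crAPI's code): BOLA on a sequential report_id,
the ownership check that fixes it, and a per-caller denial count that
surfaces enumeration. Every record below is constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not read the requested report."""


@dataclass(frozen=True)
class ServiceReport:
    report_id: int        # sequential integer, as in the lab
    owner_user_id: str    # user who filed the service request
    vehicle_vin: str
    problem: str


# Constructed sample store standing in for the workshop database.
REPORTS = {
    1: ServiceReport(1, "alice", "VIN-ALICE-0001", "brake noise"),
    2: ServiceReport(2, "bob", "VIN-BOB-0002", "oil leak"),
    3: ServiceReport(3, "carol", "VIN-CAROL-0003", "flat tyre"),
}


def get_report_vulnerable(caller_user_id: str, report_id: int) -> ServiceReport:
    """Vulnerable form: the caller is authenticated, but report_id is used
    as-is, so any logged-in user can walk 1, 2, 3, ... and read every report.
    caller_user_id is accepted and then ignored, which is the bug."""
    return REPORTS[report_id]


def get_report_fixed(caller_user_id: str, report_id: int) -> ServiceReport:
    """Hardened form: fetch the object, then compare its owner with the
    authenticated identity before returning anything."""
    report = REPORTS.get(report_id)
    # Same error for "missing" and "not yours", so the ID space cannot be
    # mapped by telling a not-found response apart from a forbidden one.
    if report is None or report.owner_user_id != caller_user_id:
        raise Forbidden("report not found")
    return report


def denied_lookups_per_caller(request_log):
    """Detection: replay (caller_user_id, report_id) pairs from an access
    log through the ownership check and count denials per caller. A single
    session accumulating denials across consecutive IDs is the signature of
    the Numbers-payload enumeration used in the lab."""
    denied = defaultdict(int)
    for caller, report_id in request_log:
        try:
            get_report_fixed(caller, report_id)
        except Forbidden:
            denied[caller] += 1
    return dict(denied)


if __name__ == "__main__":
    # Constructed access log: alice walks IDs 1..3, bob reads only his own.
    log = [("alice", 1), ("alice", 2), ("alice", 3), ("bob", 2)]
    print("vulnerable lookup leaks:", get_report_vulnerable("alice", 2))
    print("denied lookups:", denied_lookups_per_caller(log))
```

The fix is not a different ID format: moving to GUIDs only raises the cost of guessing, while the ownership comparison in get_report_fixed removes the class of bug regardless of how IDs are generated.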

#crAPI #Apihacking


Written by Aditya Chauhan

ISO 27001 LA | VAPT | Synack Red Teamer | HTB Dante | HTB RASTA | HTB Cybernetics | HTB Offshore | HTB APTLabs | Cyber Security Analyst | Security Researcher
