HakByte: How to use Postman to Reverse Engineer Private APIs
Vložit
- čas přidán 21. 07. 2024
- In this episode we’ll show how to use Chrome or Firefox along with Postman to go from a website using a private API all the way to Python code.
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Our Site → www.hak5.org
Shop → hakshop.myshopify.com/
Subscribe → czcams.com/users/Hak5Darr...
Support → / threatwire
Contact Us → / hak5
Threat Wire RSS → shannonmorse.podbean.com/feed/
Threat Wire iTunes → itunes.apple.com/us/podcast/t...
Host: Michael Raymond → / the_hoid
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ - Věda a technologie
Good timing. I need a simple integration to a device with an api without documentation, and this will definitely help!
Thanks!!!! Amazing! Well worth spent 10 minutes to give me a MUCH better understanding. No fuzz, straight on with good examples and a working result.
Amazing, reverse engineered a wireless controller the same way. It was a great way to start network automation.
Postman is awesome, been using it for a long time. It is extremely helpful writting code to interface APIs.. even if they are undocumented.
Really enjoyed this, eyes are wide open for possibilities
what to do about cors error? i tried this multiple times, checked all headers but still giving me cors error
I would like to use your method but I get error 401 meassage "Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API." Is there some method to find it or use other way?
Why not just filter by XHR requests?
Sometimes they put the data (like json) in the html code.
The entire header section is going to be used by ebay in this case to fingerprint the browsers. Should be anonymized. But I've noticed servers on ebay sometimes do not have all the required fields populated, that is a search like that will miss a Lot of servers simply because the seller does not fill in all data on the required description of the item.
want to create a zalando invoive scraper but I am completely new in that theme. Already checked that there is a specific link which triggers the download of the invoive. But I need an efficient way to scrape the ordernumbers and orderdates. Can I use the technique shown in the video to scrape those informations?
Can you decompile an app and search api and can you use in postman? If yes then I'll send apk
Can we do the same thing for air tickets??
does this work on websites that requires user log ins
Really nice vid. Thumbs-up of course. Just a quick suggestion - bump up your font size a bit (on some screens it is hard to see) and use some sort of pointer tracking tool, so that people can see where you click. I had to go back a couple of times in several sections of the video to see where you were clicking.
Please not the pointer tracking tool dear god
Good info. Can I do that with C#?
What if there's a really shitty website and I want to make another one on top of it, just to use it as a database basically?
can i do this with safari and brave
Nice video- any resources on reversing a mobil app API?
Great video. Liked and subscribed. Thanks.
Enjoyed this, does Michael Raymond have any courses on api Hacking?
thanks! great video!!!
Exactly like when a ho up in this house is taking too much of the pie and you need to take more from their available code so you can reverse engineer to thief back and take a higher position and more of your commission back- gig workers- get on that. They love to give opaque information but no helpful data. - Thanks for this-
Great information!!
What is he wearing? Is that a mic?
to be frank the website you want most likely have cookies which changes in 12_24 hr , hence they will send 404
Using Runescape as the ideal case example, I see you
Do RuneScape API bots even work? Most I know use Ahk
I prefer web based APIs I only know how to use those types by loading the content into a variable and splitting the string by the values I want
Hey Micheal from the Security FWD
Oh yeah wait a minute Mr.postman hey ey ey ye Mr.postman
Very cool!
Wow great michael.
Very cool indeed.
Brah, you need to hit up a boot camp.
I need help scraping data from a website that has a firewall. Will pay
i like scraping sites but many times it can be illegal when you tap on the source with PII in it.. just saying, btw, nice tutorial
Maybe against terms of service but illegal? Not sure about that. The data is being delivered publicly. You can do what you want.
For this, You can search for *Hacklord Tom* a business page on fäcebóok.. he offers a wide range of hacking and spy services
Yummy yummy, time to scrape.
thankyouu
Cool. :)
💯
Jason.
👌
💚
5
Second
Fourth
third
First
omfg you are claiming you are 'reverse engineering' lmfao, this is pathetic...
what is this then?
@@Christian-mn8dh it’s simply monitoring the results. It’s not giving you the code behind or data access layers. Sure it shows a how to *sniff* an api, but that’s it.
@@saberint interesting. im trynna learn reverse engineering, have any advice on how I should start? it's kinda hard to find a good structured education for this
This guy has very feminine qualities
He is wearing a pride shirt.
WTF is wrong with you people