API HACKING SECRETS PART 3

Nitesh Pandey
May 26 · 2 min read

Finding the WSDL file to extract endpoints

The most important thing in an API is its endpoints; most of the time you will just play with the endpoints to find a vulnerability. So in this part we will learn how to extract endpoints from the WSDL file.

The first thing you need to do is recon, and API recon is the easiest: you only need to find the documentation and do a few Google searches, and your task is done.

RECON:

Suppose you have a target website, example.com, which you want to hack. As mentioned above, we need to find the WSDL file so we can extract endpoints from it. There are more ways to find endpoints that I will cover in a later part; for now, let us focus only on finding the WSDL file.

If you are lucky, you will get the WSDL file just by adding ?wsdl at the end of the base API URL. Taking the example.com example above, and assuming that the API service running behind the website is api.example.com, you can find the WSDL file just by requesting:

https://api.example.com/api/?wsdl

You can also get a similar result with a Google search such as www.example.com filetype:WSDL, or with dorks like these:

• site:target.com filetype:wsdl

• ext:svc inurl:wsdl

• filetype:wsdl wsdl

• Filetype: ?wsdl

• inurl:asmx?wsdl OR inurl:jws?wsdl

• inurl:_vti_bin/sites.asmx?wsdl | intitle:_vti_bin/sites.asmx?wsdl

If both techniques fail to give you a result, then you should definitely take the help of the all-time favorite tool, Burp Suite.

With Burp Suite you need an add-on, WSDL wizard, which will automatically find the WSDL file from the crawled URLs. The link to the add-on is below.

If you are still not able to find the WSDL file, there are two possibilities

Apart from these two, there is one more scenario that may be responsible if you are not able to find the WSDL file. Do you know what it is?

The website is not using a SOAP API.
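
Once a WSDL file is in hand, the endpoints come from its service, port and binding elements. The following is an added example, not code from the original post: it parses a constructed WSDL 1.1 document with Python's standard library and lists each SOAP address with its operations, which is also how a service owner can inventory what a published WSDL exposes. The sample document, its names and its URNs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
SOAP = ("{http://schemas.xmlsoap.org/wsdl/soap/}",      # SOAP 1.1 binding
        "{http://schemas.xmlsoap.org/wsdl/soap12/}")    # SOAP 1.2 binding

# Constructed WSDL 1.1 sample, trimmed to the parts that name endpoints.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:tns="urn:example:orders" targetNamespace="urn:example:orders">
  <binding name="OrdersBinding" type="tns:OrdersPortType">
    <operation name="GetOrder">
      <soap:operation soapAction="urn:example:orders/GetOrder"/>
    </operation>
    <operation name="CancelOrder"/>
  </binding>
  <service name="OrdersService">
    <port name="OrdersPort" binding="tns:OrdersBinding">
      <soap:address location="https://api.example.com/api/orders"/>
    </port>
  </service>
</definitions>"""

def soap_child(el, tag):
    """Return the first SOAP 1.1/1.2 extension child of el, or None."""
    for ns in SOAP:
        hit = el.find(ns + tag)
        if hit is not None:
            return hit
    return None

def extract_endpoints(wsdl_text):
    """List (address, operation, soapAction) for every SOAP port in the WSDL."""
    root = ET.fromstring(wsdl_text)
    bindings = {}                      # binding name -> [(operation, soapAction)]
    for b in root.iter(WSDL + "binding"):
        ops = []
        for op in b.findall(WSDL + "operation"):
            so = soap_child(op, "operation")
            ops.append((op.get("name"), so.get("soapAction", "") if so is not None else ""))
        bindings[b.get("name")] = ops
    rows = []
    for port in root.iter(WSDL + "port"):
        addr = soap_child(port, "address")
        ref = port.get("binding", "").split(":")[-1]    # strip the QName prefix
        if addr is not None:                            # skip non-SOAP ports
            rows += [(addr.get("location"), n, a) for n, a in bindings.get(ref, [])]
    return sorted(rows)

if __name__ == "__main__":
    print(*extract_endpoints(SAMPLE_WSDL), sep="\n")
```

When the WSDL comes from a source you do not control, parse it with `defusedxml.ElementTree.fromstring` instead of the standard-library parser so that hostile entity declarations are rejected.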

I request all of my readers: if you know some more techniques to find WSDL files, do reply in the comment section so we can all learn a few more techniques. Apart from that, if you come across any Google dork that can be helpful in finding WSDL files, please share it.

A video demonstration of the above techniques is available on my YouTube channel, in the API hacking playlist:

https://www.youtube.com/watch?v=Nd-cFZ_0-fU

Check the next part for more details….

InfoSec Write-ups

A collection of write-ups from the best hackers in the…

Nitesh Pandey

Written by

I am a security researcher and penetration tester. You can follow me on Twitter https://twitter.com/NiteshYours and LinkedIn https://www.linkedin.com/in/osintnites
