API Fuzzing For Bug Bounty
원문: API Fuzzing for Bug Bounty
This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.
무엇을 하나요
API Fuzzing for Bug Bounty Purpose Provide comprehensive techniques for testing REST, SOAP, and GraphQL APIs during bug bounty hunting and penetration testing engagements. Covers vulnerability discovery, authentication bypass, IDOR exploitation, and API specific attack vectors. Inputs/Prerequisites Burp Suite or similar proxy tool API wordlists (SecLists, api wordlist) Understanding of REST/GraphQL/SOAP protocols Python for scripting Target API endpoints and documentation (if available) Outputs/Deliverables Identified API vulnerabilities IDOR exploitation proofs Authentication bypass techniques SQL injection points Unauthorized data access documentation API Types Overview | Type | Protocol |…
실행 시 본인 API 키(BYOK)로 동작하며, 모델 비용은 사용자 계정에서 직접 결제됩니다.