Wordlists
You can use wordlists in Akto's YAML tests
Wordlists have multiple use cases in API Security testing -
Test API by fuzzing a parameter with different malicious values eg. SQL Injection.
Test API by replacing a specific parameter (eg
user_id) by values from other users.
You can add a wordlists section in your YAML file.
Example of a static wordlist:
Say, you have an API which takes file as a query paramter. You can use the following YAML to hit the same API with multiple malicious file paths.
wordLists:
filePaths:
- /etc/passwd
- /etc/lsb-release
- /etc/shadow
- /etc/hosts
- /proc/self/environ
- /proc/self/cmdline
- /proc/self/cwd/index.php
- /proc/self/cwd/application.py
- /proc/self/cwd/main.py"
- /proc/self/exe
execute:
type: single
requests:
- req:
- modify_query_param:
file: ${filePaths} # this is how you refer to a wordlist ${wordlist_name}
Example of a dynamic wordlist
You can also create a wordlist of your own from the traffic data.
For example, you have a profile data API /api/v1/user-info?user_id=834cc2de-050b-4a2f-8b54-67b1847d3591. You want to carry a BOLA attack where you want to replace user_id 834cc2de-050b-4a2f-8b54-67b1847d3591 by other value user ids. These valid user ids are present in other APIs in your Akto dashboard.
You can create a wordlist of all values from all your APIs in the following manner -
wordLists:
user_ids:
source: sample_data
key:
regex: "^UserId$|^UserID$|^User-ID$|^user_id$|^user-id$|^userid$"
all_apis: true
execute:
type: single
requests:
- req:
- modify_query_param:
user_id: ${user_ids}
This will create a wordlist dynamically from your traffic data. It will resolve to create a wordlist similar to -
185ad0f5-f4da-4ca6-bf25-2f337ce5c928
3e00c415-1a0c-4026-9863-43627416e5d1
3700ad8c-a517-4c14-8c7b-489214ee8b50
22d0d22f-17f5-440f-a2fe-03a919e348c4
Last updated
Was this helpful?