Making API Bug Bounties A Breeze!

November 6, 2023

Harish Nataraj

November 11, 2022 · 3 min read

New Tool To Accelerate Your API Hacking!

Synopsis

Cut API bounty hunting time in half and reap more $$$! A new tool that plays well with Burp and ZAP and significantly accelerates your API bug bounty efforts.

Hacking APIs Takes Time & Effort

Hacking APIs Is Hard Work

Hacking modern web applications is largely about hacking the underlying APIs that the mobile or web UI talks to.

However, hacking APIs is both time- and resource-intensive. Below is a brief description of the many steps involved.

Build API Asset Inventory

You will first need to browse the full application, exercising every feature you can reach, while proxying traffic through a tool like Burp.

Proxy API Traffic Via Burp

Then you will need to identify every API endpoint, and the JSON schema of its requests and responses, by analyzing the captured traffic.

Identify API EndPoints & Underlying Schema

You will then have to compile all this data into a spreadsheet to keep track of it.

Spreadsheet Of APIs Browsed

This is typically a multi-hour or multi-day effort, depending on the size and complexity of the application.

Prioritize APIs Based On Sensitive Data (PII/PSI)

Hacking APIs is largely about obtaining unauthorized access to sensitive customer data, so you will ultimately need to comb through the discovered APIs and prioritize them by the presence of sensitive data (PII/PSI).

Identify PII In APIs

Manually Identify PII In APIs

Launch Attacks Against Prioritized APIs

Now that you have short-listed APIs to attack, you will need to launch various types of attacks against them using tools like Burp, curl, Postman, etc.

Some of these attacks involve bypassing the APIs' authentication and authorization controls, so you will need to extend Burp with extensions from the BApp Store or, in some cases, write your own scripts to automate and scale the effort.
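The kind of script that last sentence refers to, as an added example written for this post rather than code from Levo or from any Burp extension: a differential check for broken object-level authorization (BOLA/IDOR) that fetches a resource as its owner, then replays the identical request with a second user's token and with no credentials at all. The `FakeApi` class and the `tok-alice`/`tok-bob` tokens are constructed stand-ins for a real target behind your proxy; against a live program you would swap in a function that sends the request through Burp or `requests`.

```python
"""Added example (not Levo's or Burp's code): a differential test for broken
object-level authorization (BOLA/IDOR), the kind of script you end up writing
to scale an authorization-bypass check across many endpoints.  FakeApi is a
constructed in-memory stand-in for requests sent through your proxy."""
import json
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str


class FakeApi:
    """Constructed target: /v1/users/{id} enforces ownership, while
    /v1/users/{id}/orders forgets to, which is the bug the test should find."""
    TOKENS = {"tok-alice": 1042, "tok-bob": 2077}
    USERS = {1042: {"id": 1042, "email": "ann@example.com"},
             2077: {"id": 2077, "email": "bob@example.com"}}
    ORDERS = {1042: [{"order_id": "a3f1", "total": 19.99}],
              2077: [{"order_id": "9c2e", "total": 5.0}]}

    def send(self, method, path, headers):
        token = headers.get("Authorization", "").removeprefix("Bearer ")
        caller = self.TOKENS.get(token)
        if caller is None:
            return Response(401, '{"error": "unauthenticated"}')
        if method != "GET":
            return Response(405, '{"error": "method not allowed"}')
        parts = path.strip("/").split("/")
        if len(parts) >= 3 and parts[:2] == ["v1", "users"] and parts[2].isdigit():
            uid = int(parts[2])
            if len(parts) == 3:
                if uid != caller:
                    return Response(403, '{"error": "forbidden"}')
                return Response(200, json.dumps(self.USERS[uid]))
            if parts[3:] == ["orders"]:        # no ownership check here
                return Response(200, json.dumps(self.ORDERS.get(uid, [])))
        return Response(404, '{"error": "not found"}')


def check_object_access(send, method, path, owner_token, other_token):
    """Fetch a resource as its owner, then replay the same request as a different
    user and with no credentials.  Flags 'bola' when another user receives the
    owner's exact response, 'no_auth' when an anonymous request does."""
    baseline = send(method, path, {"Authorization": f"Bearer {owner_token}"})
    if baseline.status != 200:
        return {"path": path, "baseline": baseline.status, "findings": []}
    findings = []
    cross = send(method, path, {"Authorization": f"Bearer {other_token}"})
    if cross.status == 200 and cross.body == baseline.body:
        findings.append("bola")
    anon = send(method, path, {})
    if anon.status == 200 and anon.body == baseline.body:
        findings.append("no_auth")
    return {"path": path, "baseline": 200, "findings": findings}


def sweep(send, targets, owner_token, other_token):
    """Run the check over (method, path) pairs, e.g. the endpoints your inventory
    rated highest for sensitive data."""
    return [check_object_access(send, m, p, owner_token, other_token)
            for m, p in targets]


if __name__ == "__main__":
    api = FakeApi()
    for result in sweep(api.send, [("GET", "/v1/users/1042"),
                                  ("GET", "/v1/users/1042/orders")],
                        "tok-alice", "tok-bob"):
        print(result)
```

The body comparison is deliberately strict: a 200 with a different body (an empty list, a generic error page) is not a finding. On real targets, strip volatile fields such as timestamps and request IDs before comparing, use two accounts you own, and stay inside the program's scope.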

Profit By Submitting Bounty Reports

If you are lucky, after a significant amount of work you will have identified some API vulnerabilities that you can report and be rewarded for.

Accelerate Bounties With This Innovative Burp Extension

Levo Burp Extension is a completely free and open-source tool that cuts your bounty-hunting time in half.

Extension Auto-Discovers APIs & Auto-Generates JSON Schema

The extension and its free companion service auto-discover your API endpoints and auto-generate the underlying OpenAPI schema for them.

Auto-discovered API Assets

In addition, the service auto-prioritizes the API endpoints based on the presence of sensitive data (PII/PSI).

All you need to do is surf the application via your Burp proxy.
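What the manual inventory and prioritization steps described earlier amount to, and what the extension and service automate here, as an added example written for this post (not the Levo extension's implementation): parse captured traffic into endpoint templates, infer a JSON schema per endpoint from the observed responses, flag sensitive fields and rank endpoints by them, then emit a minimal OpenAPI document. The `CAPTURES` list is a constructed stand-in for a Burp HTTP history export, and the PII heuristics (field-name hints, e-mail and SSN patterns, a Luhn check for card numbers) are assumptions for illustration, not the service's detection logic.

```python
"""Added example (not the Levo extension's code): build an API inventory from
captured traffic, infer JSON schemas, flag sensitive data and rank endpoints.
The captured traffic and the PII heuristics below are constructed assumptions."""
import json
import re
from urllib.parse import urlsplit

# Constructed sample of what a Burp HTTP history export might contain:
# (method, URL, JSON response body).
CAPTURES = [
    ("GET", "https://api.example.com/v1/users/1042",
     '{"id": 1042, "email": "ann@example.com", "ssn": "123-45-6789"}'),
    ("GET", "https://api.example.com/v1/users/2077",
     '{"id": 2077, "email": "bob@example.com", "ssn": "987-65-4321"}'),
    ("GET", "https://api.example.com/v1/users/2077/orders",
     '[{"order_id": "a3f1", "total": 19.99, "card": "4111111111111111"}]'),
    ("GET", "https://api.example.com/v1/products?page=2",
     '[{"sku": "X-100", "name": "Widget", "price": 9.5}]'),
    ("POST", "https://api.example.com/v1/login",
     '{"token": "eyJhbGciOiJIUzI1NiJ9.e30.sig", "expires_in": 3600}'),
]

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")
# field-name hint -> sensitive-data category (heuristic, deliberately small)
PII_NAME_HINTS = {"email": "email", "ssn": "ssn", "card": "payment_card",
                  "phone": "phone", "password": "credential", "token": "credential"}


def normalize_path(url):
    """Drop scheme, host and query; collapse numeric/UUID segments into {id} so
    /v1/users/1042 and /v1/users/2077 become one endpoint template."""
    segs = ["{id}" if s.isdigit() or UUID_RE.match(s) else s
            for s in urlsplit(url).path.strip("/").split("/")]
    return "/" + "/".join(segs)


def infer_schema(value):
    """Infer a minimal JSON Schema fragment from one decoded JSON value."""
    if isinstance(value, dict):
        return {"type": "object",
                "properties": {k: infer_schema(v) for k, v in value.items()}}
    if isinstance(value, list):
        items = {}
        for v in value:
            items = merge_schema(items, infer_schema(v))
        return {"type": "array", "items": items}
    # bool is checked before int because True/False are ints in Python
    for py_type, name in ((bool, "boolean"), (int, "integer"), (float, "number")):
        if isinstance(value, py_type):
            return {"type": name}
    return {"type": "null" if value is None else "string"}


def merge_schema(a, b):
    """Merge schemas inferred from several samples of one endpoint: keep the
    union of object properties, otherwise keep the first-seen type."""
    if not a:
        return b
    if a.get("type") == "object" and b.get("type") == "object":
        props = dict(a["properties"])
        for k, v in b["properties"].items():
            props[k] = merge_schema(props.get(k, {}), v)
        return {"type": "object", "properties": props}
    if a.get("type") == "array" and b.get("type") == "array":
        return {"type": "array", "items": merge_schema(a["items"], b["items"])}
    return a


def luhn_ok(digits):
    """Luhn checksum: separates a payment card number from a random digit run."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def find_pii(value, key=""):
    """Walk decoded JSON; return the sensitive-data categories found by
    field-name hints and value patterns."""
    found = set()
    if isinstance(value, dict):
        for k, v in value.items():
            found |= find_pii(v, k.lower())
    elif isinstance(value, list):
        for v in value:
            found |= find_pii(v, key)
    elif isinstance(value, str):
        found |= {cat for hint, cat in PII_NAME_HINTS.items() if hint in key}
        if EMAIL_RE.match(value):
            found.add("email")
        elif SSN_RE.match(value):
            found.add("ssn")
        elif value.isdigit() and 13 <= len(value) <= 19 and luhn_ok(value):
            found.add("payment_card")
    return found


def build_inventory(captures):
    """Group captures by (method, normalized path); merge response schemas and
    accumulate the PII categories seen in each endpoint's responses."""
    inventory = {}
    for method, url, body in captures:
        entry = inventory.setdefault((method, normalize_path(url)),
                                     {"schema": {}, "pii": set(), "samples": 0})
        decoded = json.loads(body)
        entry["schema"] = merge_schema(entry["schema"], infer_schema(decoded))
        entry["pii"] |= find_pii(decoded)
        entry["samples"] += 1
    return inventory


def prioritize(inventory):
    """Endpoints exposing the most sensitive-data categories first; ties by path."""
    return sorted(inventory, key=lambda k: (-len(inventory[k]["pii"]), k[1], k[0]))


def to_openapi(inventory, title="Discovered API"):
    """Minimal OpenAPI 3.0 document; PII categories go in an x-pii extension."""
    paths = {}
    for (method, path), entry in inventory.items():
        paths.setdefault(path, {})[method.lower()] = {
            "responses": {"200": {"description": "observed response", "content": {
                "application/json": {"schema": entry["schema"]}}}},
            "x-pii": sorted(entry["pii"])}
    return {"openapi": "3.0.3", "info": {"title": title, "version": "0.1"},
            "paths": paths}
```

Running `build_inventory(CAPTURES)` collapses the two `/v1/users/<n>` captures into one `GET /v1/users/{id}` template carrying `email` and `ssn`, puts it at the top of `prioritize()`, and ranks the PII-free `/v1/products` last; `json.dumps(to_openapi(inv), indent=2)` gives a spec you can load into Burp, ZAP or any OpenAPI-aware scanner. Real traffic needs more than this: request bodies and headers, non-JSON responses, and a far richer set of sensitive-data patterns.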

APIs Auto-prioritized By Presence of Sensitive Data

Extension/Service Facilitate Launching Sophisticated API Attacks

Once your API endpoints have been auto-prioritized, you can use the free service to launch sophisticated business-logic attacks against them.

Here is a video that shows how the extension works.

Extension Also Available For OWASP ZAP

Prefer ZAP to Burp? We've got you covered. Here is a ZAP plugin that accomplishes essentially the same thing.

Feedback / Feature Requests

We would love to hear from you about your experiences and any feature requests. Drop us a line at support@levo.ai.

Happy bounty hunting!!