API HACKING SECRETS PART 3

Nitesh Pandey
Published in InfoSec Write-ups, May 26, 2020

Finding the WSDL file to extract endpoints

The most important thing in an API is its endpoints; most of the time you will just play with the endpoints to find a vulnerability. So in this part we will learn how to extract endpoints from the WSDL file.

The first thing you need to do is recon, and API recon is the easiest kind: you only need to find the documentation, do a few Google searches, and your task is done.

RECON:

Suppose you have a target website, example.com, which you want to hack. As mentioned above, we need to find the WSDL file so we can extract endpoints from it. There are other ways to find endpoints as well, which I will cover in a later part; for now, let us focus only on finding the WSDL file.

If you are lucky you will get the WSDL file just by adding ?wsdl at the end of the base API URL. Taking the example.com example from above, and assuming that the API service running behind the website is api.example.com, you can easily find the WSDL file just by requesting

https://api.example.com/api/?wsdl

You can also get a similar result with a Google search such as www.example.com filetype:WSDL, or with one of the following dorks:

• site:target.com filetype:wsdl

• ext:svc inurl:wsdl

• filetype:wsdl wsdl

• Filetype: ?wsdl

• inurl:asmx?wsdl OR inurl:jws?wsdl

• inurl:_vti_bin/sites.asmx?wsdl | intitle:_vti_bin/sites.asmx?wsdl

If both techniques fail to give you a result, then you should definitely take the help of the all-time favourite tool, Burp Suite.

With Burp Suite you need the add-on WSDL Wizard, which will automatically find WSDL files among the crawled URLs. The link to the add-on is below.

If you are still not able to find the WSDL file, there are two possibilities:

  1. The WSDL file is not present; it was removed by the site owner.
  2. The WSDL file is not present at that particular endpoint.

Apart from these two, there is one more scenario that explains why you cannot find the WSDL file. Do you know what it is?

The website is not using a SOAP API.
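Once a WSDL is in hand, the endpoint URLs and the operations exposed on each of them can be pulled out of it programmatically, which is also a quick way for a service owner to inventory what a WSDL advertises. The following is an added example (not from the original post) that parses a constructed sample WSDL with only the Python standard library; the service name, operation names and api.example.com URL in the sample are made up.

```python
import xml.etree.ElementTree as ET

# Standard WSDL 1.1 and SOAP 1.1/1.2 binding namespaces.
NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
      "soap12": "http://schemas.xmlsoap.org/wsdl/soap12/"}

# Constructed sample WSDL for a fictitious service (not a real endpoint).
SAMPLE_WSDL = """<?xml version="1.0"?>
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
    xmlns:tns="http://example.com/users" name="UserService">
  <portType name="UserPortType">
    <operation name="GetUser"/><operation name="DeleteUser"/>
  </portType>
  <binding name="UserSoapBinding" type="tns:UserPortType">
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="GetUser"><soap:operation soapAction="urn:GetUser"/></operation>
    <operation name="DeleteUser"><soap:operation soapAction="urn:DeleteUser"/></operation>
  </binding>
  <service name="UserService">
    <port name="UserSoap" binding="tns:UserSoapBinding">
      <soap:address location="https://api.example.com/api/UserService.asmx"/>
    </port>
    <port name="UserSoap12" binding="tns:UserSoapBinding">
      <soap12:address location="https://api.example.com/api/UserService.asmx"/>
    </port>
  </service>
</definitions>"""


def extract_endpoints(wsdl_text):
    """Return sorted (service, port, endpoint_url, operation) tuples from a WSDL."""
    root = ET.fromstring(wsdl_text)
    # Operations are listed per binding; each port points at a binding by name.
    ops_by_binding = {b.get("name"): [op.get("name") for op in b.findall("wsdl:operation", NS)]
                      for b in root.findall("wsdl:binding", NS)}
    results = []
    for service in root.findall("wsdl:service", NS):
        for port in service.findall("wsdl:port", NS):
            binding = port.get("binding", "").split(":")[-1]  # strip the tns: prefix
            addr = port.find("soap:address", NS)  # SOAP 1.1 port
            if addr is None:
                addr = port.find("soap12:address", NS)  # SOAP 1.2 port
            url = addr.get("location") if addr is not None else None
            for op in ops_by_binding.get(binding, []):
                results.append((service.get("name"), port.get("name"), url, op))
    return sorted(results)
```

Feed it the text of a real WSDL you are authorised to review and each returned tuple is one operation reachable at one endpoint URL.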

I request all my readers: if you know more techniques for finding WSDL files, reply in the comment section so we can all learn a few more. Likewise, if you come across any Google dork that helps in finding WSDL files, please share it.

A video demonstration of the above techniques is available in the API hacking playlist on my YouTube channel:

https://www.youtube.com/watch?v=Nd-cFZ_0-fU

Check the next part for more details.