📮Testing APIs with POSTMAN

Testing APIs with POSTMAN and Burp Suite

You may find yourself with Swagger/OpenAPI documentation or a POSTMAN file that you need to use as part of your security assessment. Here's how to set that up.

First, download POSTMAN; you'll need Burp Suite too.

Now go to POSTMAN and click settings:

POSTMAN Settings.

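Turn off "SSL certificate verification" so you don't get error messages. Burp Suite presents its own certificate when it intercepts HTTPS, and POSTMAN does not trust that certificate by default: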

SSL verification off

Now go to Burp Suite and open the Proxy tab. Your listener should be 127.0.0.1:8080.

Burp Suite Proxy Settings.

Back in the POSTMAN settings, click on the Proxy tab and enter the Burp Suite listener address here:

POSTMAN Proxy Settings.

We are now ready to import that Swagger/OpenAPI or POSTMAN file. Click import:

Import API data

Then paste the JSON/YAML text into the box or upload the file:

Paste JSON, YAML or upload files.

This will then populate the navigation area on the left.

You can click on any of these API requests and use them however you want:

Sending API requests in POSTMAN.

When you click SEND in POSTMAN, the request is sent to Burp Suite, so make sure you have intercept turned on and do your thing!

POSTMAN request sent to Burp Suite.

If you would like to see this in practice, take a look at the video below:

Testing REST APIs video.
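Before sending anything through the proxy, it helps to know which requests and hosts the imported file contains. The following is an added example, not part of the original page: it flattens a Postman Collection v2.1 export into the same list the navigation area shows and reports the distinct hosts, so you can compare them against your assessment scope. The sample collection, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in Postman Collection v2.1 layout (not from the page).
SAMPLE_COLLECTION = {
    "info": {"name": "Example API"},
    "item": [
        {"name": "Users", "item": [
            {"name": "List users", "request": {
                "method": "GET", "url": {"raw": "https://api.example.test/v1/users"}}},
            {"name": "Create user", "request": {
                "method": "POST", "url": "https://api.example.test/v1/users"}},
            {"name": "Admin", "item": [
                {"name": "Delete user", "request": {
                    "method": "DELETE", "url": {"raw": "{{baseUrl}}/v1/users/1"}}},
            ]},
        ]},
        {"name": "Health", "request": "https://status.example.test/health"},
    ],
}

def _url_of(request):
    """Return the raw URL; v2.1 allows a plain string or an object with 'raw'."""
    if isinstance(request, str):
        return request
    url = request.get("url", "")
    return url if isinstance(url, str) else url.get("raw", "")

def list_requests(collection):
    """Flatten nested folders into (folder path, name, method, url) tuples."""
    found = []
    def walk(items, path):
        for item in items:
            if "item" in item:  # a folder: recurse into its children
                walk(item["item"], path + [item.get("name", "")])
            elif "request" in item:
                req = item["request"]
                method = "GET" if isinstance(req, str) else req.get("method", "GET")
                found.append(("/".join(path), item.get("name", ""), method, _url_of(req)))
    walk(collection.get("item", []), [])
    return found

def hosts_in(collection):
    """Distinct hosts the collection targets; variable-based URLs are flagged."""
    hosts = {urlsplit(url).hostname or "<unresolved variable>"
             for _, _, _, url in list_requests(collection)}
    return sorted(hosts)

if __name__ == "__main__":
    for folder, name, method, url in list_requests(SAMPLE_COLLECTION):
        print(f"{folder or '(root)':12} {method:6} {url}  [{name}]")
    print("Hosts:", hosts_in(SAMPLE_COLLECTION))
```

URLs built from collection variables such as `{{baseUrl}}` are reported as unresolved, which is a prompt to check the variable's value in POSTMAN before clicking SEND.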
