Testing APIs with POSTMAN

Testing APIs with POSTMAN and Burp Suite


Last updated 1 year ago

You may find yourself in the position of having Swagger/Open API documentation or a POSTMAN file that you need to use as part of your security assessment. Here's how to set that up.

Firstly, download POSTMAN; you'll need Burp Suite too.

Now go to POSTMAN and click settings:

Turn off "SSL certificate verification" so that POSTMAN does not raise certificate errors when Burp Suite intercepts HTTPS traffic:

Now go to Burp Suite and the Proxy tab. Your listener should be 127.0.0.1:8080.

Back to the POSTMAN settings, click on the Proxy tab and set the Burp Suite listener in here:

We are now ready to import that Swagger/Open API or POSTMAN file. Click import:

Then paste the JSON/YAML text into the box or upload the file:

This will then populate the navigation area on the left.

You can click on any of these API requests and use them how you want to:

When you click SEND in POSTMAN, this will be sent to Burp Suite, so make sure you have intercept turned on and do your thing!
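
The import step builds a request list from the spec, and the two POSTMAN settings route those requests through Burp Suite. As an added example (not part of the original page), this Python script does the same from code, assuming an OpenAPI 3 document; the sample spec and the `list_operations` and `burp_opener` names are constructed for illustration.

```python
import ssl
import urllib.request

BURP_PROXY = "http://127.0.0.1:8080"  # Burp listener address given on the page
METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

# Constructed sample OpenAPI 3 document (hypothetical API, not from the page).
SAMPLE_SPEC = {
    "servers": [{"url": "https://api.example.test/v1/"}],
    "security": [{"bearerAuth": []}],
    "paths": {
        "/users": {"get": {"summary": "List users"},
                   "post": {"summary": "Create user"}},
        "/users/{id}": {"parameters": [{"name": "id", "in": "path"}],
                        "delete": {"operationId": "deleteUser"}},
        "/health": {"get": {"summary": "Health check", "security": []}},
    },
}

def list_operations(spec):
    """One entry per operation, like POSTMAN's navigation after an import."""
    base = (spec.get("servers") or [{"url": ""}])[0]["url"].rstrip("/")
    default_security = spec.get("security", [])
    ops = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue  # path-level keys such as "parameters"
            security = op.get("security", default_security)
            ops.append({
                "method": method.upper(),
                "url": base + path,
                "name": op.get("summary") or op.get("operationId", ""),
                "auth_required": bool(security) and all(security),  # [] or {} = anonymous
            })
    return sorted(ops, key=lambda o: (o["url"], o["method"]))

def burp_opener(proxy=BURP_PROXY):
    """Opener that routes via Burp with certificate checks off (as set in POSTMAN above)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy, "https": proxy}),
        urllib.request.HTTPSHandler(context=ctx))

if __name__ == "__main__":
    for op in list_operations(SAMPLE_SPEC):
        print(op["method"], op["url"], op["name"], op["auth_required"])
```

Operations listed with `auth_required` set to `False` are the ones the spec itself exposes without authentication, which is a useful starting inventory before working through the requests in Burp Suite.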

If you would like to see this in practice, take a look at the video below:

Testing REST APIs video.
POSTMAN Settings.
SSL verification off
Burp Suite Proxy Settings.
POSTMAN Proxy Settings.
Import API data
Paste JSON, YAML or upload files.
Sending API requests in POSTMAN.
POSTMAN request sent to Burp Suite.