HakByte: How to use Postman to Reverse Engineer Private APIs

73,540 views

Hak5


In this episode we’ll show how to use Chrome or Firefox along with Postman to go from a website using a private API all the way to Python code.
Host: Michael Raymond → / the_hoid

Comments: 69
@lazerusmfh 3 years ago
Good timing. I need a simple integration to a device with an api without documentation, and this will definitely help!
@finbom a year ago
Thanks!!!! Amazing! Well worth the 10 minutes spent to give me a MUCH better understanding. No fuss, straight on with good examples and a working result.
@danielm1359 3 years ago
Amazing, reverse engineered a wireless controller the same way. It was a great way to start network automation.
@Belioyt 3 years ago
Really enjoyed this, eyes are wide open for possibilities
@c0ri a year ago
Postman is awesome, been using it for a long time. It is extremely helpful when writing code to interface with APIs, even if they are undocumented.
@uboxtech a year ago
What to do about the CORS error? I tried this multiple times, checked all headers, but it is still giving me a CORS error.
@John_Smith__ 3 years ago
The entire header section is going to be used by eBay in this case to fingerprint the browsers. Should be anonymized. But I've noticed servers on eBay sometimes do not have all the required fields populated; that is, a search like that will miss a lot of servers simply because the seller does not fill in all data on the required description of the item.
@cristianbam 3 years ago
Why not just filter by XHR requests?
@janpost8598 a year ago
Sometimes they put the data (like json) in the html code.
@bukalter a year ago
I would like to use your method but I get an error 401 message: "Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API." Is there some method to find it or use another way?
@georgesmith9178 a year ago
Really nice vid. Thumbs-up of course. Just a quick suggestion - bump up your font size a bit (on some screens it is hard to see) and use some sort of pointer tracking tool, so that people can see where you click. I had to go back a couple of times in several sections of the video to see where you were clicking.
@coder159 a year ago
Please not the pointer tracking tool dear god
@SamoCoder 2 years ago
Great video. Liked and subscribed. Thanks.
@Benedikt.05 3 months ago
Want to create a Zalando invoice scraper but I am completely new to that topic. Already checked that there is a specific link which triggers the download of the invoice. But I need an efficient way to scrape the order numbers and order dates. Can I use the technique shown in the video to scrape that information?
@gasparem16 3 years ago
thanks! great video!!!
@ignaciokairuz a year ago
Great information!!
@BusinessIdeasHub 3 months ago
Can you decompile an app and search api and can you use in postman? If yes then I'll send apk
@mmaranta785 3 years ago
Good info. Can I do that with C#?
@ryanrozario1195 2 years ago
Can we do the same thing for air tickets??
@drygordspellweaver8761 2 years ago
Nice video. Any resources on reversing a mobile app API?
@river1711 3 years ago
Very cool!
@user-di6yc8cr1k a year ago
Does this work on websites that require user logins?
@mamupelu565 3 years ago
What if there's a really shitty website and I want to make another one on top of it, just to use it as a database basically?
@bigbooduh a year ago
Enjoyed this, does Michael Raymond have any courses on api Hacking?
@statesponsored9435 3 years ago
Wow great michael.
@Rheaded 3 months ago
can i do this with safari and brave
@robertfacella846 3 years ago
Using Runescape as the ideal case example, I see you
@drygordspellweaver8761 2 years ago
Do RuneScape API bots even work? Most I know use Ahk
@evancunningham9872 3 years ago
Very cool indeed.
@firesnake6311 3 years ago
Oh yeah wait a minute Mr.postman hey ey ey ye Mr.postman
@zuberkariye2299 3 years ago
Hey Michael from the Security FWD
@notamindninja2003 a month ago
Exactly like when a ho up in this house is taking too much of the pie and you need to take more from their available code so you can reverse engineer to thief back and take a higher position and more of your commission back- gig workers- get on that. They love to give opaque information but no helpful data. - Thanks for this-
@sihmy9870 3 years ago
What is he wearing? Is that a mic?
@RohanVetale 5 months ago
thankyouu
@midimusicforever 3 years ago
Cool. :)
@kizhissery a year ago
To be frank, the website you want most likely has cookies which change in 12-24 hr, hence they will send 404.
@letsgetto1millwithoutvids 3 years ago
I prefer web based APIs I only know how to use those types by loading the content into a variable and splitting the string by the values I want
@dr.groove7957 3 years ago
Brah, you need to hit up a boot camp.
@denissetiawan3645 3 years ago
Yummy yummy, time to scrape.
@shemmo 3 years ago
i like scraping sites but many times it can be illegal when you tap on the source with PII in it.. just saying, btw, nice tutorial
@zapbeeblebrox1053 3 years ago
Maybe against terms of service but illegal? Not sure about that. The data is being delivered publicly. You can do what you want.
@mindyabiznarc 3 years ago
💯
@ismailachabi8627 a year ago
💚
@ca7986 3 years ago
👌
@Pervy 3 years ago
Jason.
@randyallen8610 a year ago
I need help scraping data from a website that has a firewall. Will pay
@ianp6742 3 years ago
First
@DD_MN 3 years ago
Second
@TabletMini 12 days ago
Just be careful to use the online version, as you might disclose sensitive information publicly.
@edoch3700 3 years ago
Fourth
@harshdesai7957 3 years ago
third
@xseflx 3 years ago
5
@saberint 3 years ago
omfg you are claiming you are 'reverse engineering' lmfao, this is pathetic...
@Christian-mn8dh a year ago
what is this then?
@saberint a year ago
@Christian-mn8dh it’s simply monitoring the results. It’s not giving you the code behind or data access layers. Sure it shows how to *sniff* an API, but that’s it.
@Christian-mn8dh a year ago
@saberint interesting. I'm trynna learn reverse engineering, have any advice on how I should start? It's kinda hard to find a good structured education for this.
@mandc20022 3 years ago
This guy has very feminine qualities
@retiallc 3 years ago
He is wearing a pride shirt.
@CelesteOnYoutube 3 years ago
WTF is wrong with you people