My Pentest Log -10- (A Little Tip)

Hamit CİBO
2 min read · Mar 14, 2022

Greetings to all from Khrysokeras,

Today, I would like to inform you about a problem I encountered while performing API tests.

1. Our project manager informed me that I would be conducting security tests on the APIs of a company whose name I will keep “private”.

2. After reviewing the relevant scope form, I downloaded the collection file from the required address.

What is a collection file, you might ask:

A collection is a file that holds the items belonging to the application's files and folders. In API terms, it contains the application's endpoints and the details of each of those endpoints.

3. I usually do API security tests with Postman, because Postman works well for the development, documentation and testing phases alike.

4. Anyway, after importing the collection file into Postman, I started the necessary security testing steps.

5. During the security test I detected various vulnerabilities. However, I could not fully test about 4–5 endpoints, because the size of the returned response exceeded 50 MB.

So what is the significance of this for us?

When I encountered this problem during the tests, I immediately did a little research on Google.

It turns out that Postman shows responses of up to 50 MB by default, but unfortunately nothing larger than 50 MB.

While researching what I can do from here, I learned that there is a solution to this problem.

First, we open the “File” menu in Postman and go to “Settings”; there we change the “50” value in the “Max response size in MB” field and close the settings page.

Now, when we send a request to the endpoints that were causing problems, we can see that the response is readable.
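To make the two points above concrete (what a collection file holds, and why the 50 MB default matters), here is an added Python example that is not part of the original post: it flattens a Postman v2.1 collection into its endpoints and lists the endpoints whose response size would be cut off by the “Max response size in MB” setting. The collection and the observed sizes are constructed, and treating Postman's “MB” as MiB is an assumption.

```python
import json

# Constructed sample in the Postman v2.1 collection layout (not from the post).
SAMPLE_COLLECTION = json.loads("""
{"info": {"name": "demo-api",
          "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"},
 "item": [
   {"name": "Users", "item": [
     {"name": "List users", "request": {"method": "GET",
        "url": {"raw": "https://api.example.test/v1/users?page=1",
                "host": ["api", "example", "test"], "path": ["v1", "users"]}}},
     {"name": "Export users", "request": {"method": "GET",
        "url": "https://api.example.test/v1/users/export"}}]},
   {"name": "Health", "request": {"method": "GET",
        "url": "https://api.example.test/health"}}]}
""")

POSTMAN_DEFAULT_MAX_MB = 50  # Postman's default "Max response size in MB"

# Constructed body sizes (bytes) as if observed with another client, e.g. curl.
SAMPLE_SIZES = {"https://api.example.test/v1/users/export": 62 * 1024 * 1024,
                "https://api.example.test/health": 120}


def _url_of(request):
    """Postman stores a request url either as a plain string or as an object with 'raw'."""
    url = request.get("url", "")
    if isinstance(url, dict):
        return url.get("raw") or "/".join(url.get("path", []))
    return url


def list_endpoints(collection):
    """Flatten the collection into (folder, method, url) tuples, recursing into folders."""
    found = []

    def walk(items, path):
        for item in items:
            if "item" in item:              # a folder: descend into it
                walk(item["item"], path + [item["name"]])
            elif "request" in item:         # a request: record method and url
                req = item["request"]
                found.append(("/".join(path), req.get("method", "GET"), _url_of(req)))

    walk(collection.get("item", []), [])
    return found


def flag_oversized(observed_sizes, max_mb=POSTMAN_DEFAULT_MAX_MB):
    """Endpoints whose body exceeds the Postman limit (assumption: 1 MB = 1 MiB)."""
    limit = max_mb * 1024 * 1024
    return [url for url, size in observed_sizes.items() if size > limit]
```

Running `list_endpoints(SAMPLE_COLLECTION)` yields three endpoints, and `flag_oversized(SAMPLE_SIZES)` names only the export endpoint; raising `max_mb` to 100, as the post does in the settings, empties the list.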

6. Having solved the problem easily through Postman's own settings, I completed the security tests on the relevant endpoints and moved on to the necessary reporting step.

In summary:

Sometimes the problems we encounter are caused by the limitations of the tools we use, which gives us the opportunity to get to know those tools more closely. For this reason, I recommend reviewing your working environment whenever you investigate a problem you encounter.

Written by Hamit CİBO, Penetration Test Specialist | It all started with a parameter
