Friday, 23 October 2015

Attacking JSON Application: Pentesting JSON Application



Hello all, it's been quite a long time since I updated my blog. So here we go.



Today we will see how we can pentest a JSON web application.

Note: Some of the methods are taken from third-party resources and some are presented from my personal experience.

First, what is JSON, according to the JSON website?

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999.

"In layman's language, JSON is typically used by JavaScript to pass parameters", like the HTTP request below.

GET /site/getuserinfo=narendrabhati HTTP/1.1
Host: websecgeeks.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:44.0) Gecko/20100101 Firefox/44.0
Content-Type: application/json;
