Friday, 23 October 2015

Attacking JSON Application: Pentesting JSON Application

Hello all, it's been quite a long time since I updated my blog. So here we go.

Today we will see how we can pentest a JSON web application.

Note: Some of the methods are taken from third-party resources and some are presented from my personal experience.

First, what is JSON, according to the JSON website?

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999.

"In layman's terms, JSON is typically used by JavaScript to pass parameters", as in the HTTP request below.

GET /site/getuserinfo=narendrabhati HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:44.0) Gecko/20100101 Firefox/44.0
Content-Type: application/json;