How to construct API POST request without documentation?

Recently I tried Vulnerable REST API which can be found at https://github.com/erev0s/VAmPII don't have any issue with GET request as all I need is the right url without any http body

$ curl 127.0.0.1:5000 { "message": "VAmPI the Vulnerable API", "Help": "VAmPI is a vulnerable on purpose API. It was created in order to evaluate the efficiency of third party tools in identifying vulnerabilities in APIs but it can also be used in learning/teaching purposes." } 

For POST request, http body is required to send necessary data to the API endpoints. Let's take a look at these 2 which can be found on the github page.

POST /users/v1/register Register new user POST /users/v1/login Login to VAmPI 

Unfortunately, these are the only information given and no documentation on how to craft the request (http body).Since I don't know the http body format for these 2 POST request, I'm getting 400 BAD REQUEST which is expected.

Request

POST /users/v1/login HTTP/1.1 Host: 127.0.0.1:5000 Accept: */* Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 0 

Request

POST /users/v1/register HTTP/1.1 Host: 127.0.0.1:5000 Accept: */* Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 0 

Similar Response for both Requests

HTTP/1.0 400 BAD REQUEST Content-Type: application/problem+json Content-Length: 115 Server: Werkzeug/1.0.1 Python/3.9.12 { "detail": "None is not of type 'object'", "status": 400, "title": "Bad Request", "type": "about:blank" } 

How do I construct the right http body for POST request if I don't have knowledge/documentation about that?

submitted by /u/w0lfcat
[link] [comments]

from hacking: security in practice https://ift.tt/Z8BXj7G

Comments