Reverse engineering an API with Postman

In this tutorial I want to show you how to reverse engineer an API and then use it in Postman.

Preparation

Before you can get started, you first need to make some preparations so that requests from an API can be saved.

FoxyProxy

Install FoxyProxy for your Browser, it is available for Firefox and Chrome.

Click on FoxyProxy > Options and click on Add:

  1. Name: Postman (5555)
  2. Proxy Ip or DNS name: localhost
  3. Port: 5555

Postman

Install Postman for your machine and register an account if not done yet.

After launching Postman create a new Workspace for this purpose:

  1. Workspaces Tab
  2. Click on Create Workspace
  3. Give it a proper name

Start

First, create a new Collection in this workspace, by clicking on the + button next to the filter field.

Postman interface

Give your collection a proper name, e.g. {domain}_api

Now click Capture requests at the bottom right of the window

  1. Click on Enable proxy
  2. Enable Save Responses for Requests
  3. URL must contain: type in the domain e.g. myapp.com
  4. Click Start Capture

Now start your browser and navigate to your domain.

Gathering

Next, click on FoxyProxy and choose Proxy (5555) and start using the app as intended to capture all the requests in Postman. As you are using the app, you should see the list populated with requests in Postman.

For the best result use all features of the app. For example:

  1. Register
  2. Login
  3. Forget password
  4. Update Profile Image
  5. Upload Files
  6. post, like, interact with comments
  7. etc.

Extraction

When you are done, go to Postman and click Stop, to stop the capturing. You should now have a bunch of requests. Simply select all desired API requests and click Add to collection.

Captured requests in Postman
Here we have requests from crAPI

Sort your collection by endpoints and then create for each endpoint a new folder. You can do this by right-clicking on the collection and choosing Add folder. Name the folder as the endpoint and drag and drop all requests into the right folder.

Now you have a nice collection of requests for the desired API.

Conclusion

This method is a simple and fast way to get requests from an API you wish to test or play around with. I recommend this method for developers, that need a collection of endpoints without the hassle to create each on their own.

There is another method I will show you in a later post. This method is suited for penetration tests and will require a bit more work, but this is the preferred way to extract endpoints from an application when it comes to penetration tests.

If you have any questions feel free to contact me.

Subscribe to Eduard Schwarzkopf

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]
Subscribe