# Postman Usage

[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Y8Y41FQ2GA)

## Install

{% embed url="https://learning.postman.com/docs/getting-started/installation/installation-and-updates/" %}

```
$ sudo wget https://dl.pstmn.io/download/latest/linux64 -O postman-linux-x64.tar.gz
$ sudo tar -xvzf postman-linux-x64.tar.gz -C /opt
$ sudo ln -s /opt/Postman/Postman /usr/bin/postman
```

## Proxy

Configure FoxyProxy with the proxy address set to 127.0.0.1 and the port set to 5555, the default port for Postman's proxy.

## Import

In DevTools, open the Network tab, right-click an API request and choose "Copy as cURL".

Once you have copied the desired request, open Postman. Select Import and click on the "Raw text" tab. Paste in the cURL request and select import.

## Collections

Create a **Workspace** to save your collections in.

To build your own collection in Postman with the Proxy, use the **Capture Requests** button, found at the bottom right of the Postman window.

<figure><img src="/files/6IyAks1payOyus60yb6S" alt=""><figcaption></figcaption></figure>

In the Capture requests window, select **Enable proxy**. The port must match the one configured in **FoxyProxy (5555)**. Next, enable the **Postman Proxy**, add your target URL to the "URL must contain" field, and click the Start Capture button.

Enable the proxy in FoxyProxy, then visit every page of the target and perform every available action (registration, login, upload, etc.).

Once you have captured all of the features you can find through manual exploration, stop the Proxy. Next, build the collection: click the New button (top left of Postman), choose Collection, and rename it.

Navigate back to the **Proxy debug session** and open the **Requests** tab. Select all of the requests that you captured and use the **Add to Collection** link. Choose the **Organize the requests by Endpoints** option.

## Automatic Documentation

{% embed url="https://danaepp.com/how-to-craft-rogue-api-docs-for-a-target-when-they-dont-exist" %}

{% embed url="https://technicalnavigator.in/mitmweb-simplest-way-to-intercept-between-server-and-client/" %}

{% hint style="warning" %}
*Don't forget to import the certificate*
{% endhint %}

Launch mitmweb:

```
$ mitmweb
```

Set FoxyProxy to use port 8080, the port mitmweb listens on by default. Perform all the actions and visit all pages of the target.

You can see the captured traffic by using a browser to visit the mitmweb web server located at <http://127.0.0.1:8081>.

Save the captured requests: File > Save.

```
$ sudo mitmproxy2swagger -i /Downloads/flows -o spec.yml -p https://api.example.com -f flow

# -p <api_prefix>
# For example if an app has made requests like these:
# https://api.example.com/v1/login
# https://api.example.com/v1/users/2
# https://api.example.com/v1/users/2/profile
# The likely prefix is https://api.example.com/v1.
```

Update the YAML file so that "ignore:" is removed from the endpoints that you want to include.

Run the script once more. This second run corrects the format and spacing of the spec. This time you can add the "--examples" flag to enrich the API documentation with example requests and responses.

```
$ sudo mitmproxy2swagger -i /Downloads/flows -o spec.yml -p https://api.example.com -f flow --examples
```

Validate the documentation by visiting <https://editor.swagger.io/> and importing your spec file into the Swagger Editor: use **File > Import file** and select your spec.yml file.

You can also import this file as a Postman Collection so that you can prepare to test the target API. At the top left of your Postman Workspace, click the "Import" button, select the spec.yml file and import the collection.

{% hint style="danger" %}
***Check your Collection variables*** \
*Open the collection editor by selecting the three dots on the right side of the collection and then "Edit". The Variables tab shows that the variable "baseUrl" is used. Make sure that the Current Value of baseUrl matches the URL of your target.*
{% endhint %}

<figure><img src="/files/lxDwPOOe8e8c7GQd7cOZ" alt=""><figcaption></figcaption></figure>

## Use Authorization

Add an authorization method to the collection to make authenticated requests.

In the Authorization tab of the collection editor, select the authorization type the target API uses.

## Send request to Burp

{% embed url="https://learning.postman.com/docs/getting-started/installation/proxy/" %}

{% hint style="success" %}
*Disable SSL certificate verification in the General subtab of Postman's settings to prevent "Self-signed Certificates Blocked" errors when sending through Burp.*
{% endhint %}

1. Open Postman settings by pressing CTRL-, (comma) or navigating to File > Settings.
2. Click the Proxy tab.
3. Click the checkbox for adding a custom proxy configuration.
4. Make sure to set the proxy server to 127.0.0.1.
5. Set the proxy server port to 8080.
6. Select the General tab and turn SSL certificate verification Off.

<figure><img src="/files/GvbFAyyBdrgzCZQyvecU" alt=""><figcaption></figcaption></figure>

## Fuzzing

{% embed url="https://www.postman.com/postman/test-examples-in-postman/documentation/5i9qmkl/fuzz-testing-with-blns" %}

{% embed url="https://medium.com/@Magii/fuzzing-with-postman-599dce6317c7" %}

{% embed url="https://github.com/minimaxir/big-list-of-naughty-strings/blob/master/blns.json" %}

### Parameter Fuzzing

{% embed url="https://danaepp.com/the-api-hackers-guide-to-payload-injection-with-postman" %}

{% embed url="https://www.optiv.com/insights/discover/blog/getting-started-postman-api-security-testing-part-2" %}

{% embed url="https://blog.postman.com/4-ways-enhance-exploratory-testing-with-postman/" %}

Add a variable (for example `{{payload}}`) to the parameter of the request you want to fuzz.

<figure><img src="/files/UI9OpUo2ifwkT00JqNOz" alt=""><figcaption></figcaption></figure>

Set up the Collection Runner to use the request together with a **payload CSV** file, whose column header must match the variable name.

<figure><img src="/files/RjeR5TK90QMQETeb00vJ" alt=""><figcaption></figcaption></figure>
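The Collection Runner reads one row per iteration from the CSV, and naughty strings such as those in blns.json contain commas, quotes and newlines, so a carelessly written CSV splits rows and silently drops payloads. The following Node script is an added example (not from the original page) that builds a correctly quoted single-column CSV; the column name `payload` and the sample strings are constructed assumptions.

```javascript
// Added example: build the payload CSV consumed by the Postman Collection Runner.
// The header names the variable used in the request ({{payload}} is assumed here).
// Every field is RFC 4180 quoted so commas, quotes and newlines survive intact.

// Constructed sample in the spirit of blns.json; the real list is far longer.
const SAMPLE_PAYLOADS = [
  "",
  "admin' OR '1'='1",
  "<script>alert(1)</script>",
  'He said "hi", then left',
  "line1\nline2",
  "../../etc/passwd",
  "ｆｕｌｌｗｉｄｔｈ",
];

// Quote a field and double any embedded double quotes.
function csvField(value) {
  return '"' + String(value).replace(/"/g, '""') + '"';
}

// Header row followed by one quoted payload per row, CRLF terminated.
function buildPayloadCsv(payloads, column = "payload") {
  const rows = [csvField(column), ...payloads.map(csvField)];
  return rows.join("\r\n") + "\r\n";
}

// Minimal single-column CSV reader used to round-trip check the output:
// handles quoted fields with embedded quotes, commas and newlines.
function parseSingleColumnCsv(text) {
  const out = [];
  let field = "";
  let inQuotes = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (inQuotes) {
      if (c === '"' && text[i + 1] === '"') { field += '"'; i++; }
      else if (c === '"') inQuotes = false;
      else field += c;
    } else if (c === '"') inQuotes = true;
    else if (c === "\r" && text[i + 1] === "\n") { out.push(field); field = ""; i++; }
    else field += c;
  }
  return out.slice(1); // drop the header row
}

// Stand-alone use: node payloads.js > payloads.csv
if (typeof require !== "undefined" && require.main === module) {
  process.stdout.write(buildPayloadCsv(SAMPLE_PAYLOADS));
}
```

Import the resulting file in the Collection Runner's data section; the iteration count should equal the number of payloads, which is the quickest way to spot a broken CSV.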
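Reading hundreds of fuzz responses one by one is where findings get missed, so the runner should flag anomalies itself. The script below is an added example (not from the original page) for the Tests tab of the fuzzed request: it compares each response against a baseline and marks the iteration as failed when status, timing, error markers or unencoded reflection of the payload deviate. The `payload` column name, the BASELINE values and the ERROR_MARKERS list are constructed assumptions to adjust per target.

```javascript
// Added example: Tests-tab script for a fuzzed request run through the Collection Runner.
// Constructed baseline; take the real values from a normal run of the request.
const BASELINE = { status: 200, maxTimeMs: 1500 };

// Substrings that hint at unhandled input (stack traces, database errors).
// Constructed starting list; absence of a match is not proof the input was handled safely.
const ERROR_MARKERS = ["Exception", "Traceback", "syntax error", "ORA-", "SQLSTATE", "<b>Warning</b>"];

// Pure function so the logic can be unit tested outside the Postman sandbox.
// Returns a list of human-readable findings; an empty list means "looks like baseline".
function triage(status, bodyText, timeMs, payload, baseline = BASELINE) {
  const findings = [];
  if (status !== baseline.status) findings.push(`status ${status} != baseline ${baseline.status}`);
  if (status >= 500) findings.push("server error");
  if (timeMs > baseline.maxTimeMs) findings.push(`slow response ${timeMs}ms`);
  for (const marker of ERROR_MARKERS) {
    if (bodyText.includes(marker)) findings.push(`error marker "${marker}"`);
  }
  // Exact echo of a non-trivial payload means it came back without encoding.
  if (payload && payload.length >= 4 && bodyText.includes(payload)) {
    findings.push("payload reflected unencoded");
  }
  return findings;
}

// Postman sandbox part: only runs inside Postman, where the pm object exists.
if (typeof pm !== "undefined") {
  const payload = pm.iterationData.get("payload") || "";
  const findings = triage(pm.response.code, pm.response.text(), pm.response.responseTime, payload);
  const label = findings.length ? findings.join("; ") : "no anomaly";
  pm.test(`payload ${JSON.stringify(payload)}: ${label}`, () => {
    pm.expect(findings, label).to.be.empty;
  });
}
```

In the run summary, failed iterations are then the ones worth opening; the test name carries both the payload and the reason.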


## Interesting Books

{% content-ref url="/pages/VVT5FQq9z62bWoNAWCUS" %}
[Interesting Books](/0xss0rz/interesting-books.md)
{% endcontent-ref %}

{% hint style="info" %}
**Disclaimer**: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.
{% endhint %}

* [**Hacking APIs: Breaking Web Application Programming Interfaces**](https://www.amazon.fr/dp/1718502443?tag=0xss0rz-21)\
  A crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
* [**Black Hat GraphQL: Attacking Next Generation APIs**](https://www.amazon.fr/dp/B0B7Q8BYG1?tag=0xss0rz-21)\
  This hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.

## Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Y8Y41FQ2GA)

[![buymeacoffee](https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png)](https://buymeacoffee.com/0xss0rz)

