Cyber Skyline Live: Webapp Pentesting with Postman - November 2, 2023

Introduction

In this tutorial, you will learn how to leverage Postman for web application penetration testing. Postman is a powerful tool that allows you to send HTTP requests and analyze responses, making it an essential asset for discovering vulnerabilities like client-side authentication issues and SQL injection flaws. By the end of this guide, you will be equipped with the skills to enhance your pentesting capabilities beyond standard browser tools.

Step 1: Setting Up Postman

• Download and Install Postman

  • Visit the Postman website to download the application.
  • Install Postman following the prompts for your operating system.

• Create a Postman Account

  • Launch Postman and sign up for a free account if you don’t have one.
  • This will allow you to save your work and collaborate with others.

Step 2: Understanding the Postman Interface

• Familiarize with Key Features

  • Request Builder: This is where you will craft your HTTP requests.
  • Collections: Organize your requests into collections for easier management.
  • History: Access your previous requests for quick reference.

• Set Up a New Request

  • Click on the “New” button and select “HTTP Request.”
  • Choose the request type (GET, POST, PUT, DELETE, etc.) based on your testing needs.

Step 3: Crafting Your First HTTP Request

• Enter the Target URL

  • Input the web application URL you want to test in the request URL field.

• Add Headers and Parameters

  • Use the "Headers" tab to add necessary headers (like Content-Type).
  • For GET requests, you can add query parameters directly in the URL or under the "Params" tab.

• Send the Request

  • Click the “Send” button to dispatch your HTTP request.
  • Observe the response returned by the server in the lower panel.

Step 4: Testing for Vulnerabilities

• Client-Side Authentication

  • Modify the request to test for authentication bypass by altering parameters or headers.
  • Look for unexpected behavior or access to restricted resources.

• SQL Injection Testing

  • In the request body or parameters, insert SQL injection payloads such as:

    ' OR '1'='1
    

  • Monitor the response for signs of successful injection, such as error messages or unexpected data.

Step 5: Automating Tests with Collections

• Create a Collection for Your Tests

  • Click “New” and select “Collection” to create a folder for your related requests.

• Add Requests to Your Collection

  • Drag and drop your crafted requests into the collection for organization.

• Run Collection Runner

  • Use the Collection Runner feature to execute multiple requests in sequence, which is useful for testing workflows.

Step 6: Analyzing Responses and Gathering Insights

• Inspect HTTP Responses

  • Look for status codes (200, 404, 500, etc.) to understand application behavior.
  • Analyze response bodies for data leaks or unexpected contents.

• Utilize Postman’s Testing Features

  • Write tests in the "Tests" tab to automate checks for expected responses.
  • Example test script:

    pm.test("Status code is 200", function () {
        pm.response.to.have.status(200);
    });
    

Conclusion

By following these steps, you have equipped yourself with the fundamental skills to use Postman for web application pentesting. You can now craft and send HTTP requests, test for vulnerabilities, automate your testing processes, and analyze server responses effectively. As a next step, consider delving deeper into advanced testing techniques and exploring Postman’s integration capabilities with other security tools. Happy testing!