Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WADL API - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#exposure#api
Description

What is the "WADL API - Detect?" module?

The "WADL API - Detect" module is designed to detect the presence of a WADL API. WADL (Web Application Description Language) is an XML-based language used to describe the capabilities of a web service. This module targets WADL APIs and checks for misconfigurations or vulnerabilities that may be present.

This module has an informative severity level, meaning it provides valuable information but does not indicate a critical security issue.

This module was authored by 0xrudra and manuelbua.

Impact

The impact of the "WADL API - Detect" module is primarily informational. It helps identify the presence of a WADL API and provides insights into potential misconfigurations or vulnerabilities that may exist. By detecting these issues, organizations can take appropriate actions to secure their WADL APIs and prevent potential exploitation.

How does the module work?

The "WADL API - Detect" module works by sending HTTP requests to specific paths associated with WADL APIs. It then applies matching conditions to analyze the responses and determine if the API matches the expected patterns.

For example, the module sends GET requests to paths such as "/application.wadl" and "/api/application.wadl" to check for the presence of a simplified WADL with user and core resources. It also sends OPTIONS requests to paths like "/api/v1" and "/api/v2" to gather additional information about the API.

The module uses matchers, such as the "http-get" and "http-options" matchers, to search for specific words or phrases in the responses. If the expected patterns are found, the module reports the detection of a WADL API.

It is important to note that this module does not perform any active exploitation or modification of the target system. It solely focuses on detecting the presence of a WADL API and providing information about its configuration.

For more information, you can refer to the following references:

- https://github.com/dwisiswant0/wadl-dumper - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/

Module preview

Concurrent Requests (2)
1. HTTP Request template
GET/application.wadl/application.wadl?de.../api/application.wad...(+2 paths)
Matching conditions
word: This is simplified WADL with user and co...
2. HTTP Request template
OPTIONS/api/v1/api/v2
Matching conditions
word: This is simplified WADL with user and co...
Passive global matcher
No matching conditions.
On match action
Report vulnerability