Short Snort: How to Find Undocumented APIs

November 20, 2024

This essay is the work of a dumb dinobaby. No smart software required.

The essay / how to “All the Data Can Be Yours” does a very good job of providing a hacker road map. The information in the write up includes:

Tips for finding undocumented APIs in GitHub
Spotting “fetch” requests
WordPress default APIs
Information in robots.txt files
Using the Google
Examining JavaScripts
Poking into mobile apps
Some helpful resources and tools.

Each of these items includes details; for example, specific search strings and “how to make a taco” type of instructions. Assembling this write up took quite a bit of work.

Those engaged in cyber security (white, gray, and black hat types) will find the write up quite interesting.

I want to point out that I am not criticizing the information per se. I do want to remind those with a desire to share their expertise of three behaviors:

Some computer science and programming classes in interesting countries use this type of information to provide students with what I would call hands on instruction
Some governments, not necessarily aligned with US interests, provide the tips to the employees and contractors to certain government agencies to test and then extend the functionalities of the techniques presented in the write up
Certain information might be more effectively distributed in other communication channels.

Stephen E Arnold, November 20, 2024

Written by Stephen E. Arnold · Filed Under cybercrime, cybersecurity, News

Comments

Got something to say?

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.