or Create a profile

Home Questions

Scanning REST Application

John's Avatar

John

06 May, 2015 10:28 AM

Hi. Is it possible to scan REST application which uses AngularJS on client side, so requests and responses contains only json data?

  1. Support Staff 1 Posted by Tasos Laskos on 06 May, 2015 10:42 AM

    Tasos Laskos's Avatar

    Hello,

    There are no service crawlers at the moment but if you have a REST test suite you can proxy its requests via Arachni's proxy so that it can learn the input vectors and then audit them.

    You can setup Arachni's proxy like so:

    ./bin/arachni http://target-url --plugin=proxy

    The default URL will be: http://localhost:8282

    You can then export it prior to running your test suite and if it respects the env variable (as it should) the requests will go through Arachni.

    export http_proxy=http://localhost:8282

    Then, in Arachni's terminal you'll see something like:

    [*] Proxy: Requesting http://target-url/my-resource
[~] Proxy:  *  0 forms
[~] Proxy:  *  0 links
[~] Proxy:  *  0 cookies
[~] Proxy:  *  1 JSON
[~] Proxy:  *  0 XML

    You can debug the proxy manually via simple curl commands, like so:

    http_proxy=http://localhost:8282 curl -H "Content-Type: application/json" -X POST -d '{ "input": "value" }' http://target-url/my-resource

    Once everything is done, you need to shutdown the proxy so that the scan will start:

    http_proxy=http://localhost:8282 curl http://arachni.proxy/shutdown

    I think this pretty much covers it, let me know if you require further assistance.

    Cheers

  2. Support Staff 2 Posted by Tasos Laskos on 06 May, 2015 10:45 AM

    Tasos Laskos's Avatar

    I forgot to mention, you may want to cherry pick the checks you load, in this case ones that look for files and directories will be irrelevant so they should be skipped.

  3. Support Staff 3 Posted by Tasos Laskos on 06 May, 2015 01:05 PM

    Tasos Laskos's Avatar

  4. 4 Posted by John on 06 May, 2015 01:59 PM

    John's Avatar

    Thanks a lot, it should help.

  5. Tasos Laskos closed this discussion on 06 May, 2015 02:03 PM.

Comments are currently closed for this discussion. You can start a new one.

  • New Issue

  • Conversation Started

  • The discussion is closed

    No more actions from Arachni or the discussion starter are required.

  • Re-open the discussion

Private Permissions

This discussion is private. Only you and Arachni support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

14 Jan, 2026 02:48 AM New Member Introduction – Happy to Join the Community
01 Dec, 2025 12:58 AM New Member Introduction – Happy to Join the Community
27 Sep, 2025 02:57 AM Best Deals with United Airlines Official Site
28 Jul, 2025 05:19 AM +971_568044699 )][(────୨( )Abortion pills in Ajman
14 Apr, 2025 04:47 PM REMOTE ACCESS

Recent Articles

Optimizing for faster scans
Service scanning
Software as a Service (Saas)