To get started with properly hacking an API and learning how they can be vulnerable, I think it's wise that we build our own API so that we can at least be sure we will not be sued unless we truely do not like ourselves 🙂. We will be building several vulnerable APIs in python and to do this we will be using Flask. Flask is a python webframework which will allow us to easily start a web application. The beauty of flask is that it's bearbones and does not require any external libraries. This means that pretty much any of our systems can run it. I would personally advice you to rent a VPS to do this on because that will stop you from worrying about all the networking and logistics of hosting a vulnerable API on your home network.
In this chapter you will be learning about what an API is, how to build one in a virtual python environment and how to hack it.
To start with, we will need to set up a virtual environment first. This is a place we can install our dependencies of a certain project on and keep them seperate from the other projects. This is very useful to keep oversight but also if you have one project that requires a certain version of an import while another project might need a much older and non-compatible version of that library.
mkdir "GoudAPI"
cd GoudAPI
python3 -m venv GoudAPI
mkdir myproject
cd myproject
py -3 -m venv GoudAPI
With these commands we are creating a venv (virtual enviornment) called GoudAPI which is marked by a new folder, now we have to swith to it.
. GoudAPI/bin/activate
GoudAPI\\Scripts\\activate
And now we can easily use pip to install flask
pip install Flask
Now that flask is installed, we can easily create our first vulnerable API.