Checking connections to suspicious sites while we are browsing

Every day we visit a lot of sites on the Internet. Each of these sites have a lot of resources and do a lot of connections to external servers, but… how can we check for connections for suspicious sites? And how can we script some actions?


More →

Validating JWT Tokens in shell scripts

JWT Tokens are very popular as SSO authentication mechanism, for authorization and widely used in the Microservices paradigm. But have we really pay attention if JWT tokens are valid?


More →

Chaining BurpSuite and OWASP ZAP

BurpSuite is a nice tool but not Open Source, so not all their features are free. OWASP ZAP is an Open Source alternative but, sadly, it’s not so powerful as BurpSuite in some cases. But… why not to use both at the same time?


More →

Sending traffic to BurpSuite

In the previous post post we talked about how to store navigation traffic in a session file. Now we’ll use this file to send it to a proxy, like BurpSuite or OWASP ZAP Proxy


More →

Saving navigation session

Sometimes, you need to store a navigation session in a simple but standard format. APICheck proxy intercepts your navigation traffic and outputs it to the console. Then, you only need to redirect it to a file.


More →