API Attack Surface Analysis

The Six Attack Surfaces of an API

1. Endpoint discovery → finding hidden APIs
2. Authentication bypass → bypassing JWT / API keys
3. Authorization flaws → IDOR, horizontal/vertical privilege escalation
4. Input validation → SQLi, NoSQLi, command injection
5. Rate limiting → brute force, DDoS
6. Information disclosure → error messages, responses that return too much data

Vibe Prompt

"Help me build an API security scanning script that tests the target API for authentication bypass, IDOR and SQL injection."

import requests

# Note: the prompt also asks for authentication-bypass checks, but this script
# only implements the IDOR and SQL injection probes.
class APIScanner:
    def __init__(self, base_url, timeout=5):
        self.base_url = base_url
        self.timeout = timeout      # never let one unresponsive endpoint hang the whole scan
        self.results = []

    def _get(self, url, **kwargs):
        """Wrap requests.get so a network error is reported instead of aborting the run."""
        try:
            return requests.get(url, timeout=self.timeout, **kwargs)
        except requests.RequestException as e:
            print(f"  request failed: {url} ({e})")
            return None

    def test_idor(self, endpoint, auth_token, own_id=1):
        """Test for IDOR: one token, several object IDs.
        own_id is the ID the token legitimately owns; any other ID answered with 200 is a finding."""
        headers = {"Authorization": f"Bearer {auth_token}"}

        # Try to access other users' resources with the same token
        for user_id in [1, 2, 3, 100, 999]:
            r = self._get(f"{self.base_url}{endpoint}/{user_id}", headers=headers)
            if r is not None and r.status_code == 200:
                self.results.append({
                    "type": "IDOR",
                    "endpoint": f"{endpoint}/{user_id}",
                    "status": r.status_code,
                    "risk": "高" if user_id != own_id else "低"   # 高 = high, 低 = low
                })

    def test_sqli(self, endpoint):
        """Test for SQL injection by looking for database error text in the response.
        This is an error-based check only: a backend that returns generic errors is not flagged."""
        payloads = ["'", "\"", "' OR '1'='1", "' UNION SELECT * FROM users--"]
        for payload in payloads:
            # Send the payload via params so requests URL-encodes it correctly
            r = self._get(f"{self.base_url}{endpoint}", params={"id": payload})
            if r is None:
                continue
            if any(err in r.text.lower() for err in ["sql", "syntax", "mysql", "unexpected"]):
                self.results.append({
                    "type": "SQL Injection",
                    "payload": payload,
                    "status": r.status_code,
                    "risk": "嚴重"    # 嚴重 = critical
                })

    def run(self):
        print(f"掃描目標: {self.base_url}")
        self.test_idor("/api/users", "test_token_123")
        self.test_sqli("/api/search")

        if self.results:
            print(f"\n發現 {len(self.results)} 個漏洞!")
            for finding in self.results:
                print(f"  [{finding['risk']}] {finding['type']}: {finding.get('endpoint', finding.get('payload', ''))}")
        else:
            print("\n未發現明顯漏洞")

if __name__ == "__main__":
    scanner = APIScanner("http://test-server.com")
    scanner.run()
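The scanner above only observes symptoms from the client side; what actually removes surfaces 3, 4 and 6 is the server-side handler. As an added example, not code from the original page, here is a vulnerable handler for the `/api/users/<id>` route beside its hardened form, backed by an in-memory sqlite table constructed inline (the handler names, the two sample users and the requester-id parameter are assumptions; sqlite's error text differs from the MySQL wording the scanner matches, but the point is that raw engine text reaches the client at all):

```python
import sqlite3

ROW_KEYS = ("id", "name", "email")

def make_db():
    """Constructed sample data (not from any real system): two users in an in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")])
    return db

def vulnerable_get_user(db, requester_id, user_id):
    """'Before' handler: no ownership check (surface 3, IDOR), SQL built by string
    formatting (surface 4, SQLi), and the raw DB error echoed back (surface 6)."""
    try:
        row = db.execute(f"SELECT id, name, email FROM users WHERE id = {user_id}").fetchone()
    except sqlite3.Error as e:
        return 500, {"error": str(e)}          # leaks the engine's own error text
    return (200, dict(zip(ROW_KEYS, row))) if row else (404, {"error": "not found"})

def hardened_get_user(db, requester_id, user_id):
    """'After' handler: validate the id, enforce object-level authorization, bind the
    value with a parameterized query, and return only a generic error message."""
    if not str(user_id).isdecimal() or int(user_id) <= 0:   # "'", "2 OR 1=1" never reach SQL
        return 400, {"error": "invalid id"}
    user_id = int(user_id)
    if user_id != requester_id:              # the token's owner may read only its own record
        return 403, {"error": "forbidden"}
    try:
        row = db.execute("SELECT id, name, email FROM users WHERE id = ?", (user_id,)).fetchone()
    except sqlite3.Error:
        return 500, {"error": "internal error"}   # nothing for an error-based probe to match on
    return (200, dict(zip(ROW_KEYS, row))) if row else (404, {"error": "not found"})

if __name__ == "__main__":
    db = make_db()
    # The same two requests the scanner above would send, against each handler
    for handler in (vulnerable_get_user, hardened_get_user):
        print(handler.__name__)
        print("  other user's record:", handler(db, 1, 2))
        print("  injected id:        ", handler(db, 1, "'"))
```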
