kulinacs / htb

Python API Wrapper for hackthebox.eu
ISC License

API token in url params #4

Open cyc115 opened 5 years ago

cyc115 commented 5 years ago

Thanks for the library @kulinacs.

Had a very quick run-through of the code and saw the API token is sent in the URL params. Do you know if HTB takes the API token in the body of a POST request?

HTTPS encrypts the URL params as well as the request body, so this is minor, but a lot of times URL + params are logged in plaintext server-side, while POST bodies are rarely logged.

kulinacs commented 5 years ago

I don't know honestly. All the work I did was via Burp, copying the API usage from the website directly.
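
The logging concern raised in this issue, shown as an added example that is not part of the thread or of the htb library: a token in the query string ends up in the access log's request line, a token in the body does not, and a scrubber can mask it before the line is stored. The parameter names, log format, paths and token value are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names for token-bearing query parameters (not taken from the library).
SENSITIVE_PARAMS = {"api_token", "access_token", "api_key", "token"}

# Request line of a common/combined-format access log entry.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def redact_url(url, sensitive=SENSITIVE_PARAMS, mask="REDACTED"):
    """Replace the values of sensitive query parameters, keeping everything else."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, mask if k.lower() in sensitive else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def redact_log_line(line):
    """Scrub the request target inside one access-log line before it is stored."""
    def _scrub(m):
        return '"%s %s %s"' % (m["method"], redact_url(m["target"]), m["proto"])
    return REQUEST_LINE.sub(_scrub, line)


def leaked_tokens(lines, sensitive=SENSITIVE_PARAMS):
    """Return token values already written to a log, i.e. the ones to rotate."""
    found = set()
    for line in lines:
        m = REQUEST_LINE.search(line)
        if m is None:
            continue
        for key, value in parse_qsl(urlsplit(m["target"]).query):
            if key.lower() in sensitive and value:
                found.add(value)
    return found


# Constructed sample: the same call with the token in the URL, then in the body.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:10:00:00 +0000] '
    '"POST /api/example/action?api_token=EXAMPLETOKEN123 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2020:10:00:05 +0000] '
    '"POST /api/example/action HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(sorted(leaked_tokens(SAMPLE_LOG)))
    for entry in SAMPLE_LOG:
        print(redact_log_line(entry))
```

The second sample line is unchanged by the scrubber because a body-carried token never reaches the request line in the first place.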