streaak / keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
4.8k stars 997 forks

add apigee client id and secret #107

Open w1th0ut opened 2 years ago

w1th0ut commented 2 years ago

Hello, I have a suggestion: add Apigee client ID and secret. With the client ID and secret, we can gain full access to the Apigee service of the company that leaked the ID and secret. There is no regex for hunting the client ID and secret, but there is:

curl -i -H 'Content-Type: application/x-www-form-urlencoded' -X POST 'https://company.apigee.net/oauth/accesstoken' -d 'grant_type=client_credentials&client_id=xxx&client_secret=yyy'

The client ID is always longer than the client secret.

{
    "token": "xxx",
    "access_token": "xxx",
    "issued_at": "00000",
    "expires_in": "00000"
}

The access token will look like a JWT token, so decode it and find this:

{
  "access_token": "agGEHDkB7WRDYNbVJ1VVbAjzGTi4",
  "audience": "",
  "api_product_list": [
  ],

Use this key as bearer authorization to explore more deeply.

But do not always follow the /oauth/accesstoken endpoint, because some companies use a custom endpoint. A simple regex to hunt for a company's Apigee service: .*\.apigee\.net

reference: https://docs.apigee.com/api-platform/security/oauth/oauth-20-client-credentials-grant-type
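
A defender-side counterpart to the request shown above, added here as an example that is not part of the original issue or the keyhacks repository: a scanner that flags hard-coded `client_id`/`client_secret` values in your own scripts and configuration, rating them highest when they sit next to an `apigee.net` host. The function names, the placeholder heuristic and the sample lines are assumptions constructed for illustration.

```python
import re

# Host pattern from the issue (.*\.apigee\.net), narrowed to a hostname.
APIGEE_HOST = re.compile(r"\b[\w.-]+\.apigee\.net\b")
# Literal form-body parameters of an OAuth client-credentials request.
PARAM = re.compile(r"\b(client_id|client_secret)=([^&'\"\s]+)")
# Assumed heuristic: values that are variables or dummies, not real secrets.
PLACEHOLDER = re.compile(r"^(x+|y+|\$\{?\w+\}?|<[^>]+>|\{\{.*\}\})$", re.I)


def redact(value):
    """Keep two characters so the finding can be located, hide the rest."""
    return value[:2] + "*" * 6 if len(value) > 4 else "*" * len(value)


def scan(text, source="<input>"):
    """Return one finding per line that hard-codes client credentials."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        params = {k: v for k, v in PARAM.findall(line)
                  if not PLACEHOLDER.match(v)}
        if not params:
            continue
        host = APIGEE_HOST.search(line)
        findings.append({
            "source": source,
            "line": lineno,
            "host": host.group(0) if host else None,
            "params": {k: redact(v) for k, v in params.items()},
            # A literal secret next to an Apigee host needs rotation first.
            "severity": "high" if host and "client_secret" in params else "review",
        })
    return findings


# Constructed sample input: a literal pair, env variables, the issue's
# xxx/yyy dummy values, and a literal client_id on a non-Apigee host.
SAMPLE = """\
curl -X POST 'https://example-org.apigee.net/oauth/accesstoken' -d 'grant_type=client_credentials&client_id=EXAMPLEclientid0123456789&client_secret=EXAMPLEsecret01'
curl -X POST "https://example-org.apigee.net/oauth/accesstoken" -d "grant_type=client_credentials&client_id=${APIGEE_ID}&client_secret=${APIGEE_SECRET}"
curl -X POST 'https://company.apigee.net/oauth/accesstoken' -d 'grant_type=client_credentials&client_id=xxx&client_secret=yyy'
token_url = https://auth.example.internal/token?client_id=EXAMPLEotherclient42
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE, "deploy.sh"):
        print(finding)
```

Findings carry only redacted values, so the report itself can be shared in a ticket without re-leaking the credential.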

streaak commented 2 years ago

Hey @w1th0ut, could you create a PR and reference this issue?

Thanks