ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2024-12-18 18:36:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4a2cbea5ca
AllAboutBugBounty/Misc/Exposed API keys.md

15 lines
920 B
Markdown
Raw Normal View History

Update structure each readme
2022-06-15 10:38:42 +00:00
# Exposed API Keys / Token OAuth
## Introduction
Sometimes in a web application, an attacker can find some exposed API keys / token which can lead to financial loss to a company.
## How to find
1. Find API keys / token by looking at the JavaScript code on the website
2. Find API keys / token by checking the request / response header
Major Update, adding some tips
2021-07-21 15:38:57 +00:00
## Tools
* [Key-Checker](https://github.com/daffainfo/Key-Checker)
Update structure each readme
2022-06-15 10:38:42 +00:00
# References
* [keyhacks](https://github.com/streaak/keyhacks) is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. There is 79 list of how to check the validity of the API keys
* [all-about-apikey](https://github.com/daffainfo/all-about-apikey) is a repository of detailed information about API Key / Oauth tokens. The repository contain description API key, HTTP request, the response if the API key is valid / no, regex, and the example
Reference in New Issue Copy Permalink