matanrob-2944
This application is a secure API Read-Only Security Tester designed for testing API endpoints that only support read operations (GET requests). It provides a user-friendly interface for configuring and sending requests while enforcing strict safety controls to prevent data modification. Users can select or enter the API endpoint they wish to test, and only read-only endpoints are permitted. The application allows for the inclusion of a resource ID, which can be a synthetic or test ID so that real data is not affected. Additionally, users can add any necessary query parameters and provide a valid JWT token for authentication, with a test token available for reconnaissance purposes. The app features a customizable JSON input for adding custom headers, with validation to ensure only allowed headers are accepted. It also includes a debug mode that provides additional information such as replay URLs and trace context for deeper analysis.

Key features of the application include:

- Read-Only Enforcement: Only GET requests are allowed, preventing any data modification.
- Safety Bypass: This feature allows users to bypass safety restrictions for specific resource IDs, although it should be used with caution.
- Request Logging: All requests are logged for security analysis and auditing.
- JWT Utility: A built-in tool for decoding, analyzing, and creating JWT tokens for testing purposes.

The application is built using React and TypeScript, leveraging various UI components for a responsive design. It utilizes libraries such as Radix UI for tabs and select components, and Lucide for icons. The backend is powered by Next.js, which handles API requests and responses, including CORS configuration and error handling.

To use the application, users simply fill out the configuration form with the desired endpoint, resource ID, query parameters, JWT token, and custom headers, then click the "Send" button to initiate the request. The response is displayed in a structured format, including status codes, response bodies, and any errors encountered during the process.

Educational purposes only. Use at your own responsibility.
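As an added example (not the app's own code), the following TypeScript shows the safety gate the description lays out, applied to a request configuration before anything is sent: GET-only enforcement, an endpoint allowlist, the synthetic-ID rule with its bypass flag, allowlist validation of the custom-headers JSON, and decoding of the JWT payload so claims such as `exp` can be inspected. The endpoint list, header allowlist and synthetic-ID pattern are assumptions.

```typescript
const READ_ONLY_ENDPOINTS = new Set(["/api/users", "/api/orders"]);       // assumed allowlist
const ALLOWED_HEADERS = new Set(["accept", "x-request-id", "x-trace-id"]); // assumed allowlist
const SYNTHETIC_ID = /^(test|synthetic)-[a-z0-9]+$/i;                      // assumed id convention
type RequestConfig = { method: string; endpoint: string; resourceId?: string;
  headers: Record<string, string>; token?: string; safetyBypass?: boolean };

// Custom headers arrive as a JSON string; accept only a flat object of string values.
function parseCustomHeaders(json: string): Record<string, string> {
  const parsed: unknown = JSON.parse(json);
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed))
    throw new Error("custom headers must be a JSON object");
  for (const [k, v] of Object.entries(parsed)) if (typeof v !== "string") throw new Error(`header ${k} must be a string`);
  return parsed as Record<string, string>;
}

// Small base64url decoder (ASCII payloads) so the example depends on no Node or DOM globals.
const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
function base64UrlDecode(s: string): string {
  let acc = 0, bits = 0, out = "";
  for (const ch of s.replace(/=+$/, "")) {
    const v = B64.indexOf(ch);
    if (v < 0) throw new Error("invalid base64url");
    acc = (acc << 6) | v; bits += 6;
    if (bits >= 8) { bits -= 8; out += String.fromCharCode((acc >> bits) & 0xff); }
  }
  return out;
}

// Decodes (does not verify) the payload so claims such as exp can be inspected before sending.
function decodeJwtPayload(token: string): Record<string, unknown> | null {
  const parts = token.split("."); if (parts.length !== 3) return null;
  try { return JSON.parse(base64UrlDecode(parts[1])); } catch { return null; }
}

// Returns every safety violation; an empty list means the request may be sent.
function validateRequest(cfg: RequestConfig): string[] {
  const problems: string[] = [];
  if (cfg.method.toUpperCase() !== "GET") problems.push(`method ${cfg.method} blocked: read-only tester`);
  if (!READ_ONLY_ENDPOINTS.has(cfg.endpoint)) problems.push(`endpoint ${cfg.endpoint} not allowlisted`);
  if (cfg.resourceId && !SYNTHETIC_ID.test(cfg.resourceId) && !cfg.safetyBypass)
    problems.push(`resource id ${cfg.resourceId} is not a synthetic/test id`);
  for (const name of Object.keys(cfg.headers))
    if (!ALLOWED_HEADERS.has(name.toLowerCase())) problems.push(`header ${name} not allowed`);
  if (cfg.token) {
    const claims = decodeJwtPayload(cfg.token);
    if (claims === null) problems.push("token is not a well-formed JWT");
    else if (typeof claims.exp === "number" && claims.exp * 1000 < Date.now()) problems.push("token expired");
  }
  return problems;
}
```

The decoder only reads the payload; it is a diagnostic aid, not a substitute for signature verification on the server being tested.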
Last Updated May 31, 2025