Run Pynt API security tests from Insomnia API testing application


Insomnia is a powerful open-source API client that allows developers to send HTTP requests and view responses. Designed to help debug, test, and develop APIs, Insomnia offers features like request chaining, environment variables, authentication helpers, and code generation. It supports REST, GraphQL, and gRPC protocols, making it a versatile tool for API development and testing.

Pynt API Security testing with Insomnia

Download the insomnia_goat.json functional test and import it into Insomnia.

In this example we will use pynt listen and set it to capture all domains (no filter):

pynt listen --captured-domains "*"

Configuring Insomnia to Use Pynt as a Proxy

  1. Open Insomnia.

  2. Navigate to the settings by clicking on "Preferences" or use the shortcut Ctrl+, (Cmd+, on macOS).

  3. In the Preferences window, go to the "Proxy" tab.

  4. Check the option "Enable HTTP Proxy".

  5. Set the "HTTP Proxy" field to and the "Port" to 6666, which matches the Pynt listening address and port.

  6. If you're working with HTTPS requests, also check "Enable HTTPS Proxy" and use the same proxy settings.

  7. Close the Preferences window and proceed with your API requests as usual.

We will see the following output, meaning Pynt is listening on port 6666 for incoming traffic

Run the goat tests in Insomnia. All the HTTP and HTTPS requests from Insomnia will now be routed through Pynt. When done, return to the terminal and press Enter to start the Pynt scan on the traffic generated by Insomnia.

When the scan is complete, the Pynt report will open in the browser.
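With the capture-all filter used above, every host the imported collection talks to is proxied and scanned, so it is worth listing those hosts before running the tests. The following is an added example, not code from Pynt or Insomnia: it assumes the Insomnia v4 export layout (`resources` entries whose `_type` is `request` or `environment`) and runs on a constructed sample rather than the real insomnia_goat.json; `target_hosts` is a hypothetical helper name.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of an Insomnia v4 export (assumption: the
# real insomnia_goat.json uses the same "resources" layout).
SAMPLE_EXPORT = json.dumps({
    "_type": "export",
    "__export_format": 4,
    "resources": [
        {"_type": "environment", "data": {"base_url": "http://goat.example.test:8080"}},
        {"_type": "request", "name": "login", "url": "{{ _.base_url }}/login"},
        {"_type": "request", "name": "account", "url": "{{ _.base_url }}/account"},
        {"_type": "request", "name": "rates", "url": "https://rates.example.test/v1/latest"},
        {"_type": "request", "name": "broken", "url": "{{ _.missing }}/x"},
    ],
})

# Matches Insomnia-style template tags such as {{ _.base_url }} or {{ base_url }}.
_TEMPLATE = re.compile(r"\{\{\s*(?:_\.)?([\w.-]+)\s*\}\}")


def target_hosts(export_text):
    """Return (sorted hosts, names of requests whose URL could not be resolved)."""
    resources = json.loads(export_text).get("resources", [])
    env = {}
    for res in resources:
        if res.get("_type") == "environment":
            data = res.get("data", {})
            env.update({k: v for k, v in data.items() if isinstance(v, str)})
    hosts, unresolved = set(), []
    for res in resources:
        if res.get("_type") != "request":
            continue
        # Substitute known variables; unknown tags are left in place and flagged.
        url = _TEMPLATE.sub(lambda m: env.get(m.group(1), m.group(0)), res.get("url", ""))
        host = urlsplit(url).hostname
        if host and "{" not in url:
            hosts.add(host)
        else:
            unresolved.append(res.get("name", "?"))
    return sorted(hosts), unresolved


if __name__ == "__main__":
    hosts, unresolved = target_hosts(SAMPLE_EXPORT)
    print("hosts that will be proxied and scanned:", hosts)
    print("requests needing manual review:", unresolved)
```

Any host in the output that you do not own or are not authorized to test is a reason to narrow the capture filter instead of using "*".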
