Firefox

Pynt can also conduct an API security scan on traffic generated from Firefox in an interactive mode, following these steps:

  • Configure Firefox to route traffic through Pynt.

  • Run Pynt using the command: pynt listen --captured-domains <domain of the APIs that need to be tested>.

  • Browse the site that will be tested by Pynt.

  • Press Enter on Pynt to start the scan.

Steps to Run Pynt with Firefox

  1. Configure Firefox to Record Traffic:

    • Open Firefox and go to the settings to configure the proxy through which Pynt can capture the traffic.

    If your target is localhost, as in the example, go to about:config and set the network.proxy.allow_hijacking_localhost parameter to true.

  2. Configure Firefox to Import Pynt's Proxy Certificate:

    • The first time you execute pynt listen, Pynt stores the certificates in ~/.pynt/cert.

    • Import the mitmproxy-ca-cert.cer into Firefox.
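
As an added example (not part of Pynt's documentation or tooling), the proxy settings from step 1 can be written to a dedicated Firefox profile, so the interception proxy and its CA certificate stay out of your everyday profile. The function name, proxy host and proxy port are assumptions; use the address your Pynt proxy actually listens on.

```shell
#!/bin/sh
# Added example, not Pynt's own tooling: write the proxy prefs for a
# throwaway Firefox profile used only for Pynt capture sessions.

# write_pynt_profile PROFILE_DIR PROXY_HOST PROXY_PORT
# PROXY_HOST and PROXY_PORT are assumptions supplied by the caller.
write_pynt_profile() {
    profile_dir=$1 proxy_host=$2 proxy_port=$3

    # The port must be a plain decimal number in the valid TCP range.
    case $proxy_port in
        ''|*[!0-9]*) echo "invalid port: $proxy_port" >&2; return 1 ;;
    esac
    if [ "$proxy_port" -lt 1 ] || [ "$proxy_port" -gt 65535 ]; then
        echo "port out of range: $proxy_port" >&2
        return 1
    fi

    # The host lands inside a JS string literal in user.js, so accept
    # only hostname/IP characters and nothing that could break out of it.
    case $proxy_host in
        ''|*[!A-Za-z0-9.:-]*) echo "invalid host: $proxy_host" >&2; return 1 ;;
    esac

    mkdir -p "$profile_dir" || return 1
    cat > "$profile_dir/user.js" <<EOF
// Manual proxy configuration (type 1) for HTTP and HTTPS traffic.
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "$proxy_host");
user_pref("network.proxy.http_port", $proxy_port);
user_pref("network.proxy.ssl", "$proxy_host");
user_pref("network.proxy.ssl_port", $proxy_port);
// Needed when the API under test runs on localhost (see step 1).
user_pref("network.proxy.allow_hijacking_localhost", true);
EOF
}
```

Start Firefox with `firefox -no-remote -profile <profile dir>` and import the certificate from step 2 into that profile only.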

Example on OWASP crAPI:

For this example we will use Pynt listen and set it to capture localhost traffic:

pynt listen --captured-domains localhost

For this example we will test with traffic to OWASP's crAPI application running locally on localhost:8888.

Now in Firefox, set the URL to http://localhost:8888 and perform various actions on the crAPI web pages.

After finishing browsing the site, return to the terminal where Pynt is running and press Enter to start the Pynt scan.
