Pynt with Prerecorded HAR Files

Use Pynt with prerecorded HAR files to analyze and secure your APIs based on traffic data. Enhance your API security testing with detailed, traffic-based assessments.


Last updated 8 months ago

🚀 At a Glance: Pynt allows you to use prerecorded HAR files for API security testing, providing a powerful way to assess testing environments or real-world API traffic. By importing HAR files into Pynt, you can run comprehensive security scans on captured traffic data, ensuring that Pynt's security tests leverage actual API usage.


What is a HAR File

A HAR (HTTP Archive) file is a JSON-formatted file that logs a web browser's interaction with a site. It records all web requests and responses, including URLs, headers, body content, and the timing information for each resource. HAR files are used for analyzing network performance issues and troubleshooting website errors.


How to Record HAR Files

Recording HAR files can be done using various methods, depending on the browser or tool you are using. Here are the most common ways:


Using Google Chrome

  1. Open the Chrome menu (three dots) and select More tools > Developer tools.

  2. Go to the Network tab.

  3. Check the Preserve log box to save all interactions.

  4. Reproduce the issue you are encountering.

  5. Right-click within the Network tab and choose Save all as HAR with content.


Using Mozilla Firefox

  1. Open the menu (three horizontal bars) and select Web Developer > Network, or press Ctrl+Shift+E.

  2. Reproduce the issue on the site.

  3. Click the Save all as HAR icon to export the HAR file.


Using Safari

  1. Go to Safari > Preferences > Advanced and check the Show Develop menu in menu bar box.

  2. From the Develop menu, select Show Web Inspector.

  3. Click the Network tab and reproduce the issue.

  4. Right-click the network items and select Export HAR.


Using Other Tools

  • WebPageTest: When running a test, select the Chrome tab and check the Capture Network Log option.

  • Fiddler: Can capture network traffic and export it as a HAR file.

  • Charles Proxy: Can also be used to generate HAR files from captured network traffic.

Each method varies slightly but ultimately serves the purpose of capturing web interactions to troubleshoot or analyze website performance issues.


Setup


Run Pynt CLI Command for HAR

Basic usage

pynt har --har <path to har file> --captured-domains <domain>

Required arguments

--har - Path to har file
--captured-domains - Pynt will scan only these domains and subdomains. For all domains write "*"

Optional arguments

--reporters - Output results to JSON
--application-id - Attach the scan to an application. You can find the ID in your applications area at app.pynt.io
--host-ca - Path to the CA file in PEM format, used to enable SSL certificate verification for Pynt when running through a VPN.
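
A HAR records request headers verbatim, so a browser capture can carry session cookies and bearer tokens, and it usually includes third-party hosts alongside the API under test. The following Python script is an added example, not Pynt's code: it lists the hosts in a HAR, flags which ones carry credential headers, and applies an assumed domain-and-subdomain match to help choose a --captured-domains value. The sample HAR, the header list and the function names are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Request headers whose values are live credentials while the session is valid.
CREDENTIAL_HEADERS = {"authorization", "cookie", "x-api-key"}

# Constructed sample HAR (HAR 1.2 layout: log.entries[].request), not real traffic.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "POST", "url": "https://api.shop.example/v1/login",
                 "headers": [{"name": "Content-Type", "value": "application/json"}]}},
    {"request": {"method": "GET", "url": "https://api.shop.example/v1/orders/17",
                 "headers": [{"name": "Authorization", "value": "Bearer CONSTRUCTED"}]}},
    {"request": {"method": "GET", "url": "https://shop.example/",
                 "headers": [{"name": "Cookie", "value": "sid=CONSTRUCTED"}]}},
    {"request": {"method": "GET", "url": "https://cdn.tracker.example/t.js", "headers": []}},
]}})


def in_scope(host, captured_domains):
    """Assumed matching rule: exact domain or any subdomain; "*" matches all."""
    host = host.lower().rstrip(".")
    for domain in captured_domains:
        domain = domain.lower().rstrip(".")
        if domain == "*" or host == domain or host.endswith("." + domain):
            return True
    return False


def summarize_har(har_text, captured_domains):
    """Return {host: {"requests", "credential_headers", "in_scope"}} for a HAR."""
    summary = defaultdict(lambda: {"requests": 0, "credential_headers": set()})
    for entry in json.loads(har_text)["log"]["entries"]:
        request = entry["request"]
        host = (urlsplit(request["url"]).hostname or "").lower()
        row = summary[host]
        row["requests"] += 1
        for header in request.get("headers", []):
            if header["name"].lower() in CREDENTIAL_HEADERS:
                row["credential_headers"].add(header["name"].lower())
    for host, row in summary.items():
        row["in_scope"] = in_scope(host, captured_domains)
    return dict(summary)


if __name__ == "__main__":
    for host, row in sorted(summarize_har(SAMPLE_HAR, ["shop.example"]).items()):
        print(host, row["requests"], sorted(row["credential_headers"]), row["in_scope"])
```

Hosts reported as out of scope are the ones a narrower --captured-domains value would exclude from the scan; hosts flagged with credential headers mark a HAR that should be stored and shared like a secret.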

How to run Pynt with HAR file

For example, to run Pynt on a HAR file of goat:

  1. First, make sure Pynt's prerequisites are met.

  2. Follow the instructions here to install the Pynt container.

  3. Get the goat.har file here.

  4. Run Pynt:

pynt har --har goat.har --captured-domains "*"

💡 Pynt CLI Troubleshooting: If you're encountering issues with Pynt's CLI, visit the Pynt CLI Troubleshooting Guide for solutions and troubleshooting tips.

💡 Still Need Help? For any questions or troubleshooting, reach out to the Pynt Community Support.