🔘Pynt for Firefox Browser

Integrate Pynt with Firefox for seamless API security testing. Automate and enhance your API protection directly within the Firefox browser.

🚀 At a Glance: Pynt integrates directly with Firefox, enabling real-time API security testing as you browse. This seamless integration monitors API traffic, automatically generating context-aware security tests.


Capturing traffic from Firefox Browser

Pynt can also conduct an API security scan on traffic generated from Firefox in an interactive mode, following these steps:

  • Configure Firefox to route traffic through Pynt.

  • Run Pynt using the command: pynt listen --captured-domains <domain of the APIs that need to be tested>.

  • Browse the site that will be tested by Pynt.

  • Press Enter on Pynt to start the scan.


Steps to Run Pynt with Firefox

Use the following steps to integrate Pynt with Firefox browser:


Configure Firefox to Record Traffic

  • Open Firefox and go to the settings to configure the proxy through which Pynt can capture the traffic.

If your target is localhost as in the example, go to about:config and modify the network.proxy.allow_hijacking_localhost parameter to True


Configure Firefox to Import Pynt's proxy certificate

  • The first time you execute pynt listen, Pynt stores the certificates in ~/.pynt/cert.

  • Import the mitmproxy-ca-cert.cer into Firefox


Example on OWASP crAPI

For this example we will use Pynt listen and set it to capture localhost traffic:

pynt listen --captured-domains localhost

For this example we will test with traffic to OWASPs crAPI application running locally on localhost:8888

Now on Firefox set the url to http://localhost:8888 and do various actions on crAPI web pages

After finishing browsing the site, return to the terminal where Pynt is running and press Enter to start the Pynt scan.


💡 Need Help? For any questions or troubleshooting, reach out to the Pynt Community Support.

Last updated