1
00:00:00,330 --> 00:00:01,290
Instructor: Hi.

2
00:00:01,290 --> 00:00:03,180
Within this lecture we are gonna see

3
00:00:03,180 --> 00:00:06,480
how to install and use Postman.

4
00:00:06,480 --> 00:00:08,820
Now that we have the Burp Suite,

5
00:00:08,820 --> 00:00:12,600
we need one last thing to start pentesting

6
00:00:12,600 --> 00:00:14,970
on our vulnerable API.

7
00:00:14,970 --> 00:00:16,893
And that is Postman.

8
00:00:18,120 --> 00:00:20,550
So far, our vAPI is working

9
00:00:20,550 --> 00:00:23,520
so there's nothing left to do over here.

10
00:00:23,520 --> 00:00:26,280
So what I'm gonna do, I'm gonna go into Google

11
00:00:26,280 --> 00:00:29,190
and search for Postman like this.

12
00:00:29,190 --> 00:00:31,590
So Postman and of course,

13
00:00:31,590 --> 00:00:34,470
you can just write Postman Download or something like that,

14
00:00:34,470 --> 00:00:37,773
but it's very simple, it's postman.com.

15
00:00:38,760 --> 00:00:40,650
So what is Postman?

16
00:00:40,650 --> 00:00:45,650
Postman is actually a tool that lets us send requests

17
00:00:45,750 --> 00:00:48,870
and get some responses back from a server

18
00:00:48,870 --> 00:00:53,400
or from an endpoint of an API and analyze them.

19
00:00:53,400 --> 00:00:56,610
It sounds a lot like Burp Suite, I know that,

20
00:00:56,610 --> 00:01:00,960
but they have completely different purposes.

21
00:01:00,960 --> 00:01:04,770
In Burp Suite, we generally do penetration tests,

22
00:01:04,770 --> 00:01:07,380
we interrupt or intercept the requests

23
00:01:07,380 --> 00:01:12,240
and then we manipulate them, and we observe the changes.

24
00:01:12,240 --> 00:01:14,760
And we can do something like brute forcing

25
00:01:14,760 --> 00:01:17,070
or encrypting and decrypting.

26
00:01:17,070 --> 00:01:20,100
In Postman, we don't do that kind of stuff.

27
00:01:20,100 --> 00:01:24,180
We simply send requests and get some responses back.

28
00:01:24,180 --> 00:01:26,010
And it's a crucial tool

29
00:01:26,010 --> 00:01:30,180
in order to create APIs and also test APIs.

30
00:01:30,180 --> 00:01:33,360
If you're a web developer or a mobile application developer,

31
00:01:33,360 --> 00:01:37,140
I am pretty certain that you have used Postman before.

32
00:01:37,140 --> 00:01:39,990
So if you have Postman on your computer

33
00:01:39,990 --> 00:01:41,490
up and running right now,

34
00:01:41,490 --> 00:01:43,680
maybe you can just fast forward a little bit

35
00:01:43,680 --> 00:01:46,410
and just see how to import the JSON file

36
00:01:46,410 --> 00:01:50,220
that comes with the resources of this vAPI challenge

37
00:01:50,220 --> 00:01:51,840
and then go along.

38
00:01:51,840 --> 00:01:55,200
But if you are new to Postman, then just stick with me

39
00:01:55,200 --> 00:01:57,660
and see how to download it and install it.

40
00:01:57,660 --> 00:02:02,010
And in fact, it is not that hard to download and install it.

41
00:02:02,010 --> 00:02:04,950
You can just come over here to postman.com

42
00:02:04,950 --> 00:02:07,380
and you can see the product over here.

43
00:02:07,380 --> 00:02:09,940
Of course, there is like a free version

44
00:02:10,841 --> 00:02:14,010
and some options, paid options as well.

45
00:02:14,010 --> 00:02:16,650
We're gonna completely use the free version.

46
00:02:16,650 --> 00:02:19,920
And in fact, you can use the web version,

47
00:02:19,920 --> 00:02:23,940
the web interface of Postman, without even downloading it,

48
00:02:23,940 --> 00:02:25,743
but I'm going to download it.

49
00:02:26,640 --> 00:02:31,640
So I'm going to show you how to use the web version as well.

50
00:02:31,770 --> 00:02:34,800
So if you take a look at the tools section,

51
00:02:34,800 --> 00:02:38,370
you can see why we use Postman.

52
00:02:38,370 --> 00:02:43,020
For example, we can use Postman to test our APIs.

53
00:02:43,020 --> 00:02:47,100
So we can send requests, we can get responses back,

54
00:02:47,100 --> 00:02:50,490
we can actually write headers and parameters,

55
00:02:50,490 --> 00:02:54,720
and also, we can design the APIs inside of Postman

56
00:02:54,720 --> 00:02:57,750
so that it would be much more structured.

57
00:02:57,750 --> 00:03:01,110
We can write documentation, we can do testing,

58
00:03:01,110 --> 00:03:04,050
we can actually use mock servers

59
00:03:04,050 --> 00:03:07,080
in order to test the APIs and endpoints.

60
00:03:07,080 --> 00:03:09,300
We can monitor what's going on

61
00:03:09,300 --> 00:03:11,640
and we can detect the APIs as well.

62
00:03:11,640 --> 00:03:13,560
So it's a very good platform.

63
00:03:13,560 --> 00:03:16,680
It's an all-in-one solution for APIs.

64
00:03:16,680 --> 00:03:18,300
And if you go over here,

65
00:03:18,300 --> 00:03:22,830
you can try the test version, try the web version,

66
00:03:22,830 --> 00:03:26,490
the web interface, and you don't even need to download it.

67
00:03:26,490 --> 00:03:30,120
But I suggest you download it because it's a very good tool.

68
00:03:30,120 --> 00:03:33,600
It's a good tool to have on your computer

69
00:03:33,600 --> 00:03:38,250
and you can actually create a free account and that's it.

70
00:03:38,250 --> 00:03:41,370
When you go to postman.com/download,

71
00:03:41,370 --> 00:03:44,160
you will see that you can download it

72
00:03:44,160 --> 00:03:47,550
for your own specific operating system.

73
00:03:47,550 --> 00:03:50,940
Right now, I'm going to choose Mac Intel Chip

74
00:03:50,940 --> 00:03:53,520
because that is what I'm using right now.

75
00:03:53,520 --> 00:03:57,240
But if you're using something else, then just download it.

76
00:03:57,240 --> 00:03:59,640
It is compatible with Windows,

77
00:03:59,640 --> 00:04:02,220
it is compatible with Linux.

78
00:04:02,220 --> 00:04:06,660
But this is one of the reasons why we are doing this section

79
00:04:06,660 --> 00:04:08,760
inside of our own host machines

80
00:04:08,760 --> 00:04:10,650
rather than Kali Linux.

81
00:04:10,650 --> 00:04:14,100
I haven't tried Postman on Kali Linux yet.

82
00:04:14,100 --> 00:04:17,790
I am pretty certain that it works, but I'm very certain

83
00:04:17,790 --> 00:04:21,360
that it works on Mac and Windows without any issues.

84
00:04:21,360 --> 00:04:26,040
Furthermore, we don't need any kind of functionality

85
00:04:26,040 --> 00:04:27,360
from Kali Linux either.

86
00:04:27,360 --> 00:04:30,330
Postman and Burp Suite will be okay for us.

87
00:04:30,330 --> 00:04:33,450
So make sure you download this Postman app.

88
00:04:33,450 --> 00:04:35,880
And if it asks you to sign up,

89
00:04:35,880 --> 00:04:38,310
please make sure you sign up as well.

90
00:04:38,310 --> 00:04:41,850
There is nothing special you have to do about installing it.

91
00:04:41,850 --> 00:04:45,480
Just double-click on it and hit next, next, next,

92
00:04:45,480 --> 00:04:48,090
give the necessary permissions and it's okay.

93
00:04:48,090 --> 00:04:49,353
It's gonna be okay.

94
00:04:50,520 --> 00:04:53,190
So what I'm going to do, I'm going to open Postman

95
00:04:53,190 --> 00:04:55,320
and show you what it looks like.

96
00:04:55,320 --> 00:04:58,320
So right now, I can just minimize this

97
00:04:58,320 --> 00:05:02,100
and I'm going to delete the certificate as well.

98
00:05:02,100 --> 00:05:04,893
I'm going to search for Postman and just open it.

99
00:05:05,790 --> 00:05:09,510
So feel free to pause the video, download Postman,

100
00:05:09,510 --> 00:05:11,910
install Postman and open it.

101
00:05:11,910 --> 00:05:15,720
Once you open it, it will probably ask you to sign up

102
00:05:15,720 --> 00:05:20,720
and after you sign up for free, without paying anything,

103
00:05:21,000 --> 00:05:24,360
you can just go into a dashboard like this.

104
00:05:24,360 --> 00:05:29,360
So this user interface changes from time to time.

105
00:05:29,370 --> 00:05:32,760
It gets updated, but you will see

106
00:05:32,760 --> 00:05:36,390
these kinds of menus every time.

107
00:05:36,390 --> 00:05:39,360
Right now, I have this vAPI collection over here.

108
00:05:39,360 --> 00:05:41,490
I'm going to delete it.

109
00:05:41,490 --> 00:05:44,400
I have tried it before so I'm going to delete it

110
00:05:44,400 --> 00:05:47,400
so that you can see how to import it as well.

111
00:05:47,400 --> 00:05:49,520
So this is a workspace.

112
00:05:49,520 --> 00:05:54,180
In a workspace, you can import the API documentation

113
00:05:54,180 --> 00:05:56,670
or endpoints, you can test them,

114
00:05:56,670 --> 00:06:00,570
you can create them, and so much more.

115
00:06:00,570 --> 00:06:03,510
And on the left-hand side, we see the collections,

116
00:06:03,510 --> 00:06:07,470
we see the API module, we see environments.

117
00:06:07,470 --> 00:06:09,090
I'm going to delete this as well.

118
00:06:09,090 --> 00:06:12,120
I'm going to talk about what an environment is later on.

119
00:06:12,120 --> 00:06:13,260
Don't worry about it.

120
00:06:13,260 --> 00:06:15,030
Right now, it is empty.

121
00:06:15,030 --> 00:06:18,510
We see other stuff, but basically, we will work

122
00:06:18,510 --> 00:06:20,880
on collections most of the time.

123
00:06:20,880 --> 00:06:24,630
In collections, you can create a collection of your own,

124
00:06:24,630 --> 00:06:28,890
like for different endpoints of this vAPI.

125
00:06:28,890 --> 00:06:30,930
As you can see, there are 10 APIs

126
00:06:30,930 --> 00:06:33,510
in this vulnerable API CTF.

127
00:06:33,510 --> 00:06:37,440
You can create them one by one yourself.

128
00:06:37,440 --> 00:06:40,470
But in order to be convenient,

129
00:06:40,470 --> 00:06:45,210
the vAPI guys gave us the JSON as a resource.

130
00:06:45,210 --> 00:06:47,130
So as you can see, there are endpoints

131
00:06:47,130 --> 00:06:50,130
over here like post this, get this.

132
00:06:50,130 --> 00:06:52,560
So rather than dealing with this,

133
00:06:52,560 --> 00:06:55,500
we are going to just import this thingy

134
00:06:55,500 --> 00:06:58,263
and make it compatible with our own server.

135
00:06:59,340 --> 00:07:03,960
I'm going to show you how to run one of these things.

136
00:07:03,960 --> 00:07:08,584
For example, if we go to my IP address

137
00:07:08,584 --> 00:07:12,780
/vapi/api1/user for example,

138
00:07:12,780 --> 00:07:15,390
nothing happens because it's a post request.

139
00:07:15,390 --> 00:07:17,850
We need to send some parameters along with it.

140
00:07:17,850 --> 00:07:19,890
But if we do kind of a get request,

141
00:07:19,890 --> 00:07:21,924
we may get something out of it.

142
00:07:21,924 --> 00:07:25,590
Sending a request is nothing more

143
00:07:25,590 --> 00:07:29,313
than sending or just browsing through that link.

144
00:07:30,420 --> 00:07:31,560
As you can see, it asks

145
00:07:31,560 --> 00:07:35,250
for an API ID over here, let me just test this.

146
00:07:35,250 --> 00:07:39,450
So I'm gonna go over here and try to get the first user.

147
00:07:39,450 --> 00:07:44,450
And it gives me a 404, but you get the point.

148
00:07:44,610 --> 00:07:46,860
Rather than just browsing here,

149
00:07:46,860 --> 00:07:51,860
rather than pasting these endpoints into my URL like this,

150
00:07:51,900 --> 00:07:55,380
we are going to send it via Postman

151
00:07:55,380 --> 00:07:58,320
and we can send the parameters and headers

152
00:07:58,320 --> 00:08:02,460
and all the necessary information along with this request.

153
00:08:02,460 --> 00:08:04,650
So that it will actually work.

154
00:08:04,650 --> 00:08:08,460
Because if we go to this URL in our browser, as you can see,

155
00:08:08,460 --> 00:08:10,830
we are not sending the required parameters,

156
00:08:10,830 --> 00:08:12,930
so it doesn't work.

157
00:08:12,930 --> 00:08:15,390
So that's exactly what we're gonna do.

158
00:08:15,390 --> 00:08:17,160
Let me show you how to do it.

159
00:08:17,160 --> 00:08:20,010
Go into the resources, no, not the resources,

160
00:08:20,010 --> 00:08:22,200
go into the Postman folder.

161
00:08:22,200 --> 00:08:24,780
Inside of the Postman folder, you will see

162
00:08:24,780 --> 00:08:26,880
there are two JSONs,

163
00:08:26,880 --> 00:08:28,440
the first of which is the environment

164
00:08:28,440 --> 00:08:30,810
and the second of which is the collection.

165
00:08:30,810 --> 00:08:34,080
So right now, I'm going to find a way to import them.

166
00:08:34,080 --> 00:08:37,680
So I'm inside of the collection tab on the left-hand side.

167
00:08:37,680 --> 00:08:38,550
What I'm going to do,

168
00:08:38,550 --> 00:08:41,910
I'm going to click on this plus button,

169
00:08:41,910 --> 00:08:43,200
it creates a new collection.

170
00:08:43,200 --> 00:08:44,070
Let me delete that.

171
00:08:44,070 --> 00:08:46,230
It was not a good idea.

172
00:08:46,230 --> 00:08:47,490
I believe we can delete that

173
00:08:47,490 --> 00:08:51,540
and I believe we can just go to the menu from File

174
00:08:51,540 --> 00:08:54,810
and say something like Import, here you go.

175
00:08:54,810 --> 00:08:57,560
So I'm going to delete this new collection.

176
00:08:57,560 --> 00:08:59,340
I'm not going to use it.

177
00:08:59,340 --> 00:09:00,750
I'm going to go to the menu

178
00:09:00,750 --> 00:09:04,950
and say Import and choose the file from my computer.

179
00:09:04,950 --> 00:09:07,470
You can also drag and drop, obviously,

180
00:09:07,470 --> 00:09:12,360
but I'm going to go into the desktop and to Postman,

181
00:09:12,360 --> 00:09:15,750
and not the environment one, but the collection one.

182
00:09:15,750 --> 00:09:18,840
I'm going to choose the collection and say Import.

183
00:09:18,840 --> 00:09:21,750
Once I do that, it'll appear over here like this.

184
00:09:21,750 --> 00:09:24,510
And as you can see, once you click on it,

185
00:09:24,510 --> 00:09:29,460
you can see API1, API2, API3.

186
00:09:29,460 --> 00:09:30,810
We are gonna see how to use it,

187
00:09:30,810 --> 00:09:33,000
but I'm going to import this one more time

188
00:09:33,000 --> 00:09:36,150
because I'm going to import the environment again.

189
00:09:36,150 --> 00:09:38,220
So what is the environment?

190
00:09:38,220 --> 00:09:39,870
We're gonna talk about it, don't worry about it.

191
00:09:39,870 --> 00:09:41,460
If you go to the environment section,

192
00:09:41,460 --> 00:09:44,070
you can see the environment over here.

193
00:09:44,070 --> 00:09:47,310
So in the collections, go to API1.

194
00:09:47,310 --> 00:09:49,920
And as you can see, we can see the get user,

195
00:09:49,920 --> 00:09:54,240
create user, update user along with the URL.

196
00:09:54,240 --> 00:09:55,950
So this is it.

197
00:09:55,950 --> 00:09:57,030
This is the URL

198
00:09:57,030 --> 00:09:59,760
and once I give the necessary information,

199
00:09:59,760 --> 00:10:03,720
I can hit the send button and it will send a request for me.

200
00:10:03,720 --> 00:10:06,900
Right now, if I send this request, it won't work

201
00:10:06,900 --> 00:10:09,660
because it doesn't have the necessary information.

202
00:10:09,660 --> 00:10:11,700
We haven't given it yet.

203
00:10:11,700 --> 00:10:12,750
But as you can see,

204
00:10:12,750 --> 00:10:16,380
we get the error and we can just do something accordingly

205
00:10:16,380 --> 00:10:18,060
to solve this problem.

206
00:10:18,060 --> 00:10:19,980
For example, if I click over here,

207
00:10:19,980 --> 00:10:24,870
if I hover over the host, it says unresolved variable.

208
00:10:24,870 --> 00:10:26,880
So what does it mean?

209
00:10:26,880 --> 00:10:28,920
It means that I have to come over here

210
00:10:28,920 --> 00:10:31,800
and give my IP address rather than host,

211
00:10:31,800 --> 00:10:33,453
but I'm not going to do that.

212
00:10:34,410 --> 00:10:36,360
I'm not gonna do that.

213
00:10:36,360 --> 00:10:40,410
Because every time I go into any API over here,

214
00:10:40,410 --> 00:10:41,520
like any endpoint,

215
00:10:41,520 --> 00:10:45,750
I will have to do that if I just change it manually.

216
00:10:45,750 --> 00:10:49,110
As you can see, they all have the host variable.

217
00:10:49,110 --> 00:10:51,903
And host stands for our IP address.

218
00:10:52,770 --> 00:10:55,680
So rather than changing it one by one,

219
00:10:55,680 --> 00:10:57,810
I'm gonna go into the environment

220
00:10:57,810 --> 00:11:00,663
and click on the vAPI environment.

221
00:11:01,530 --> 00:11:04,410
So as you can see, there is a host variable over here

222
00:11:04,410 --> 00:11:06,660
and the initial value is localhost.

223
00:11:06,660 --> 00:11:08,040
Rather than localhost,

224
00:11:08,040 --> 00:11:10,770
I'm just gonna write my own IP address

225
00:11:10,770 --> 00:11:13,320
and this is my IP address over here.

226
00:11:13,320 --> 00:11:16,170
I'm gonna copy it and paste it over there

227
00:11:16,170 --> 00:11:19,410
and also paste it into the current value.

228
00:11:19,410 --> 00:11:22,023
And then I'm going to save this.

229
00:11:23,100 --> 00:11:25,680
So hit the save button over here,

230
00:11:25,680 --> 00:11:27,493
don't forget to hit the save button.

231
00:11:27,493 --> 00:11:30,480
And if you go to the collection now,

232
00:11:30,480 --> 00:11:35,463
it'll resolve to our own IP address.

233
00:11:36,480 --> 00:11:40,590
It doesn't resolve, it says unresolved variable

234
00:11:40,590 --> 00:11:43,350
because we need to change the environment, I believe.

235
00:11:43,350 --> 00:11:45,360
Click on the vAPI.

236
00:11:45,360 --> 00:11:47,790
Click on the vAPI and come over here

237
00:11:47,790 --> 00:11:51,840
to No Environment and select the vAPI environment.

238
00:11:51,840 --> 00:11:52,673
Here you go.

239
00:11:52,673 --> 00:11:54,330
Once you do that, as you can see,

240
00:11:54,330 --> 00:11:56,400
it will inherit all the variables

241
00:11:56,400 --> 00:11:59,730
that we have written over there in the environment.

242
00:11:59,730 --> 00:12:01,890
Now you know what an environment is.

243
00:12:01,890 --> 00:12:05,730
If you come over here, hover over the host variable.

244
00:12:05,730 --> 00:12:10,730
As you can see, we get the value, we get the IP address.

245
00:12:11,280 --> 00:12:12,660
And that is what we need.

246
00:12:12,660 --> 00:12:15,330
If I send this right now, again,

247
00:12:15,330 --> 00:12:17,010
it doesn't send for some reason

248
00:12:17,010 --> 00:12:20,910
because I believe we need to change this.

249
00:12:20,910 --> 00:12:24,540
We need to change this ID as well.

250
00:12:24,540 --> 00:12:29,070
As you can see, there is another unresolved value over here,

251
00:12:29,070 --> 00:12:32,280
but if we change this, I believe it would work.

252
00:12:32,280 --> 00:12:34,440
Let me try this.

253
00:12:34,440 --> 00:12:36,420
And by the way, I can go to the environment

254
00:12:36,420 --> 00:12:39,870
and change the variable from there as well,

255
00:12:39,870 --> 00:12:44,870
but it doesn't make much sense because it's only in one API.

256
00:12:45,360 --> 00:12:47,460
We can also change the variables

257
00:12:47,460 --> 00:12:50,970
from here as well without touching the environment.

258
00:12:50,970 --> 00:12:54,360
But it's a very good idea to go with the environment.

259
00:12:54,360 --> 00:12:56,610
So it would be applicable

260
00:12:56,610 --> 00:12:59,610
for all of the things inside of our API.

261
00:12:59,610 --> 00:13:02,160
I'm just showing you guys how to use Postman,

262
00:13:02,160 --> 00:13:04,820
I'm just getting you to know it.

263
00:13:04,820 --> 00:13:06,180
Don't worry about it.

264
00:13:06,180 --> 00:13:08,760
We're gonna see this in detail.

265
00:13:08,760 --> 00:13:11,670
Let me do one API call.

266
00:13:11,670 --> 00:13:15,603
I'm gonna go into the first one, the post, the create user.

267
00:13:16,470 --> 00:13:20,130
Let us test to see if this is working.

268
00:13:20,130 --> 00:13:22,287
So we have a post request.

269
00:13:22,287 --> 00:13:25,830
And we also have the get request, put request.

270
00:13:25,830 --> 00:13:27,900
Maybe you don't know the difference between them.

271
00:13:27,900 --> 00:13:30,390
Generally, when we send data

272
00:13:30,390 --> 00:13:34,380
to a server or to an endpoint, we use a post request.

273
00:13:34,380 --> 00:13:39,330
It is not mandatory, but it's the general convention.

274
00:13:39,330 --> 00:13:41,670
Many developers choose to do that.

275
00:13:41,670 --> 00:13:45,060
If we are trying to get some information from the API,

276
00:13:45,060 --> 00:13:46,800
we can use a get request.

277
00:13:46,800 --> 00:13:48,930
If we are trying to update any value,

278
00:13:48,930 --> 00:13:50,643
we can use a put request.

279
00:13:51,840 --> 00:13:54,780
So we know what kind of request

280
00:13:54,780 --> 00:13:56,100
we are getting over here,

281
00:13:56,100 --> 00:14:00,420
like post request, get request, put request.

282
00:14:00,420 --> 00:14:02,973
You don't have to change any of this.

283
00:14:03,870 --> 00:14:06,570
So the first one is to create a user.

284
00:14:06,570 --> 00:14:08,760
So I'm seeing this post request.

285
00:14:08,760 --> 00:14:13,020
And you can change the tabs from here, like authorization.

286
00:14:13,020 --> 00:14:14,759
We don't need any authorization.

287
00:14:14,759 --> 00:14:16,260
As you can see,

288
00:14:16,260 --> 00:14:21,260
you can see the headers like content length, content type.

289
00:14:21,330 --> 00:14:23,460
Much of the time, you won't even have

290
00:14:23,460 --> 00:14:25,950
to touch the headers over here.

291
00:14:25,950 --> 00:14:29,220
So you don't need to change any of this.

292
00:14:29,220 --> 00:14:32,820
This is pre-filled for us inside of Postman.

293
00:14:32,820 --> 00:14:37,680
And if you didn't get Postman, as you can see,

294
00:14:37,680 --> 00:14:41,310
you should go to the Burp Suite and catch the packet

295
00:14:41,310 --> 00:14:44,430
and try with it, and it's gonna take so much time.

296
00:14:44,430 --> 00:14:47,850
So make sure you install Postman

297
00:14:47,850 --> 00:14:52,260
and import the JSON file that comes with the challenge.

298
00:14:52,260 --> 00:14:54,690
So here, we have the username, name

299
00:14:54,690 --> 00:14:57,180
and the course and password thingies.

300
00:14:57,180 --> 00:14:59,520
I'm just gonna give some random things over here

301
00:14:59,520 --> 00:15:02,700
like username, Atil, name, my name,

302
00:15:02,700 --> 00:15:05,754
course, web pentesting, password,

303
00:15:05,754 --> 00:15:08,370
I don't know, atil123.

304
00:15:08,370 --> 00:15:11,400
I'm just going with random parameters.

305
00:15:11,400 --> 00:15:14,550
I just want to see if I sent something,

306
00:15:14,550 --> 00:15:16,230
yeah, there are some tests over here.

307
00:15:16,230 --> 00:15:18,300
We are gonna talk about this.

308
00:15:18,300 --> 00:15:20,340
So when we send a request,

309
00:15:20,340 --> 00:15:23,910
this test gets executed automatically.

310
00:15:23,910 --> 00:15:25,320
We don't need to change anything.

311
00:15:25,320 --> 00:15:27,480
All you gotta do is just change the parameters

312
00:15:27,480 --> 00:15:32,030
in the body, and we are just doing this for test purposes.

313
00:15:32,030 --> 00:15:34,860
And I sent this, and as you can see,

314
00:15:34,860 --> 00:15:37,500
it didn't even get a response back.

315
00:15:37,500 --> 00:15:38,580
It doesn't work.

316
00:15:38,580 --> 00:15:41,460
That's what I was trying to find out.

317
00:15:41,460 --> 00:15:45,120
And if I hover over host, yeah, by mistake,

318
00:15:45,120 --> 00:15:48,570
we included the HTTP tag two times.

319
00:15:48,570 --> 00:15:51,210
In the host, as you can see, it says HTTP.

320
00:15:51,210 --> 00:15:54,780
So it's coming HTTP, HTTP; it doesn't work.

321
00:15:54,780 --> 00:15:58,200
Going to the environment one more time, delete the HTTP,

322
00:15:58,200 --> 00:16:00,540
just leave the IP address over here.

323
00:16:00,540 --> 00:16:04,230
From the initial value and also the current value as well.

324
00:16:04,230 --> 00:16:09,230
Make sure you delete every possible space and stuff.

325
00:16:09,477 --> 00:16:14,477
Don't leave anything over here other than the IP address.

326
00:16:14,580 --> 00:16:16,950
Delete everything, just leave the IP address.

327
00:16:16,950 --> 00:16:20,490
Come over here and try to send it one more time.

328
00:16:20,490 --> 00:16:24,870
Just give some random usernames and names and stuff.

329
00:16:24,870 --> 00:16:27,390
As you can see, host is okay right now.

330
00:16:27,390 --> 00:16:31,950
All I gotta do is just send this and see what happens.

331
00:16:31,950 --> 00:16:35,160
So right now, it works, as you can see,

332
00:16:35,160 --> 00:16:37,530
I'm getting the username, I'm getting the name.

333
00:16:37,530 --> 00:16:40,110
So we created a user.

334
00:16:40,110 --> 00:16:44,010
So what we did in this lecture is just to install

335
00:16:44,010 --> 00:16:46,470
Postman and make sure it works.

336
00:16:46,470 --> 00:16:48,810
We are going to talk about what we are doing here

337
00:16:48,810 --> 00:16:49,980
and why we are doing it here.

338
00:16:49,980 --> 00:16:53,430
We get an ID, but we don't know what to do with it.

339
00:16:53,430 --> 00:16:55,770
Maybe you don't understand what's going on.

340
00:16:55,770 --> 00:16:57,120
That's okay.

341
00:16:57,120 --> 00:17:00,630
All you gotta do is just make sure your Postman works.

342
00:17:00,630 --> 00:17:02,940
And we are gonna talk about this in depth

343
00:17:02,940 --> 00:17:05,100
in the upcoming lectures.

344
00:17:05,100 --> 00:17:07,410
Right now, we have what we need.

345
00:17:07,410 --> 00:17:09,177
We have Postman, we have Burp Suite

346
00:17:09,177 --> 00:17:12,030
and we have the up-and-running API.

347
00:17:12,030 --> 00:17:14,370
So we are gonna stop here and within the next lecture,

348
00:17:14,370 --> 00:17:15,903
we're gonna start pentesting.