
Pengujian Analisis Auto Respon API

import requests
from requests.exceptions import SSLError, ConnectionError

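# JSONPlaceholder is used as the example target. It is a public mock API, so
# the POST requests below do not persist anything on the server.
base_url = "https://jsonplaceholder.typicode.com/posts"

# Upper bound in seconds for connect + read on every request. Without an
# explicit timeout a stalled endpoint would block the notebook indefinitely.
REQUEST_TIMEOUT = 10

# Body used for the baseline (valid) request
payload = {
    "title": "foo",
    "body": "bar",
    "userId": 1
}

# Headers sent with every request
headers = {
    "Content-Type": "application/json"
}

try:
    # Send the POST request and keep the response for checks 1, 2 and 4
    response = requests.post(base_url, json=payload, headers=headers, timeout=REQUEST_TIMEOUT)

    # 1. Status code test
    print("Status Code Test")
    print("Status Code:", response.status_code)
    print("------")

    # 2. Response structure test
    print("Response Structure Test")
    try:
        response_json = response.json()
        print("Response is valid JSON.")
        expected_keys = {"title", "body", "userId", "id"}
        # A JSON array or scalar has no .keys(); treat anything that is not
        # an object as an invalid structure instead of raising AttributeError.
        if isinstance(response_json, dict) and expected_keys.issubset(response_json.keys()):
            print("Response structure is valid.")
        else:
            print("Response structure is invalid.")
    except ValueError:
        print("Response is not valid JSON.")
    print("------")

    # 3. Error message test: an empty body is expected to be rejected by
    # input validation; when it is, the error text is inspected for leakage.
    print("Error Message Test")
    error_response = requests.post(base_url, json={}, headers=headers, timeout=REQUEST_TIMEOUT)
    print("Status Code:", error_response.status_code)
    if error_response.status_code >= 400:
        print("Error Message:", error_response.text)
        # NOTE: a single literal substring is only a placeholder heuristic;
        # it does not detect stack traces, file paths or similar details.
        if "sensitive" not in error_response.text:
            print("Error message does not contain sensitive information.")
        else:
            print("Error message contains sensitive information.")
    else:
        # An endpoint that accepts the empty payload (as the mock API does)
        # never reaches the branch above, so say explicitly that the check
        # did not run rather than printing nothing.
        print("Empty payload was accepted; error message check skipped.")
    print("------")

    # 4. Security response headers test. requests exposes headers through a
    # case-insensitive mapping, so header casing on the wire does not matter.
    print("Response Headers Test")
    security_headers = ["Content-Security-Policy", "X-Content-Type-Options", "Strict-Transport-Security", "X-Frame-Options"]
    for header in security_headers:
        if header in response.headers:
            print(f"{header} is present: {response.headers[header]}")
        else:
            print(f"{header} is missing.")
    print("------")

    # 5. SSL/TLS test. requests verifies the server certificate by default
    # (verify=True), so getting a response without SSLError means the chain
    # validated; the scheme check only confirms that the final URL, after any
    # redirects, is HTTPS.
    print("SSL/TLS Test")
    try:
        # Separate name so the POST response used above is not shadowed
        tls_response = requests.get(base_url, timeout=REQUEST_TIMEOUT)
        if tls_response.url.startswith("https://"):
            print("Connection is secure with SSL/TLS.")
        else:
            print("Connection is not secure.")
    except (SSLError, ConnectionError) as e:
        print(f"SSL/TLS Test failed: {e}")
    print("------")

except Exception as e:
    # Top-level boundary of the notebook cell: report and stop rather than
    # surface a traceback mid-report.
    print(f"An error occurred: {e}")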

Status Code Test
Status Code: 201
------
Response Structure Test
Response is valid JSON.
Response structure is valid.
------
Error Message Test
Status Code: 201
------
Response Headers Test
Content-Security-Policy is missing.
X-Content-Type-Options is present: nosniff
Strict-Transport-Security is missing.
X-Frame-Options is missing.
------
SSL/TLS Test
Connection is secure with SSL/TLS.
------
