0x30 - Hidden API Endpoints in WADL Files

Did you know you can find hidden API endpoints in the Web Application Description Language (WADL) files?

Application.wadl is an XML file that describes the resources exposed by a web service.

Very similar to Swagger in some respects, but far less well known.

Common paths include:

  • GET /application.wadl

  • GET /api/application.wadl

  • GET /application.wadl?detail=true

The Application.wadl file can contain details about:

  • Available endpoint paths

  • Description of each function

  • Required parameters

  • Type and content of response


How to do it

  1. Check if the app is hosting an application.wadl file on the common paths

  2. Download the application.wadl file from the target domain

  3. Use SOAP UI to import the WADL file

  4. Explore discovered endpoints

  5. (Optional) Import to Burp using SwaggerParser extension
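
The inventory in steps 4 and 5 can also be done without a GUI. The following is an added example, not part of the original tip: a small Python parser over a constructed sample application.wadl (the example.invalid base URL and its endpoints are made up) that lists every method, full URL, parameter and response media type the document advertises, which is also a quick way to audit what your own service is publishing. For a WADL you do not control, parse it with defusedxml rather than the standard ElementTree.

```python
import xml.etree.ElementTree as ET
NS = {"w": "http://wadl.dev.java.net/2009/02"}  # WADL 2009 namespace

# Constructed sample application.wadl (not taken from any real service).
SAMPLE_WADL = """<application xmlns="http://wadl.dev.java.net/2009/02">
  <resources base="https://example.invalid/api/">
    <resource path="users">
      <method name="GET" id="listUsers">
        <request><param name="limit" style="query" type="xs:int"/></request>
        <response><representation mediaType="application/json"/></response>
      </method>
      <resource path="{id}">
        <param name="id" style="template" type="xs:string"/>
        <method name="DELETE" id="deleteUser"/>
      </resource>
    </resource>
    <resource path="internal/export">
      <method name="POST" id="exportAll"/>
    </resource>
  </resources>
</application>"""

def _param(p):
    return (p.get("name"), p.get("style"), p.get("type"))

def _walk(resource, base, inherited, out):
    # Nested <resource> paths join onto the parent; resource-level params apply to every method beneath.
    url = base.rstrip("/") + "/" + resource.get("path", "").strip("/")
    params = inherited + [_param(p) for p in resource.findall("w:param", NS)]
    for m in resource.findall("w:method", NS):
        out.append({
            "method": m.get("name", "").upper(),
            "url": url,
            "params": params + [_param(p) for p in m.findall("w:request/w:param", NS)],
            "responses": [r.get("mediaType") for r in m.findall("w:response/w:representation", NS)],
        })
    for child in resource.findall("w:resource", NS):
        _walk(child, url, params, out)

def list_endpoints(wadl_xml):
    """Return every method/URL the WADL advertises, with params and response media types."""
    root = ET.fromstring(wadl_xml)
    out = []
    for resources in root.findall("w:resources", NS):
        for r in resources.findall("w:resource", NS):
            _walk(r, resources.get("base", ""), [], out)
    return out

if __name__ == "__main__":
    for ep in list_endpoints(SAMPLE_WADL):
        print(ep["method"], ep["url"], ep["params"], ep["responses"])
```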


References