I'm currently trying to reverse-engineer a private REST-Webservice, which lacks documentation. The only thing I know about it is, that it's written in PHP, using the ZendFramework. Is there any simple way of finding out, which actions are allowed and which parameters I have to supply to make the service work correctly?
Greets,
Rob
If you have an existing client using the service (a web page, mobile app, etc.) you can use a proxy to record and observe traffic that's sent/received by an existing client using the service. Fiddler or Charles will get the job done.
You can use network analyzer tool like WIRESHARK to capture data sent on network
Read more about it on wireshark site
For example i hit login web service
data captured by wireshark is as:
In above image you can see data sent on HTTP protocol
1.) method POST
2.) Under MIME info
for example
Content-Disposition: form-data; name="phoneNumber"\r\n\r\n
name of parameter is phoneNumber
===========UPDATE==============
Here you can see fiddle captured data:
1.) Click on GO bottun, after that it starts capturing requests
you can use
network analyzer tab under inspect element option in google chrome
where you can see all the data and scripts loaded for that webpage,
for example check this screenshot, where i am trying to see which google api is used to find coordinates for the given address.
in this you will get all the information required.