crAPI (Completely Ridiculous API) is an intentionally vulnerable API that can be used to learn about and practice API security. It is an open-source project by the Open Worldwide Application Security Project (OWASP), designed around the ten most critical API security risks.
In this tutorial, you will learn how to set up crAPI on a Linux machine.
Prerequisites
To follow along in this tutorial, you must have the following:
Basic knowledge of the terminal.
A Linux machine. This article uses the Kali distribution.
Setting up crAPI
To set up crAPI, create a directory called labs in your home directory.
cd ~
mkdir labs
cd labs
Next, you need to clone the crAPI application by running the following command:
git clone https://github.com/OWASP/crAPI.git
Before you can run the application, you need to install docker.io and docker-compose. To do that, run the following command in your terminal:
#installing docker.io
sudo apt install docker.io
#installing docker-compose
sudo apt install docker-compose
Note: If you get the "unable to fetch some archives" error, run the command sudo apt update --fix-missing and then run the docker.io and docker-compose install commands one more time.
Now, you can navigate to the crAPI directory:
cd ~/labs/crAPI/deploy/docker
Next, you can spin up the application by running the following command:
sudo docker-compose up
Finally, you can view the application in your browser by visiting localhost:8888
crAPI also comes with a mail server, which can be accessed by visiting localhost:8025
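Because crAPI is intentionally vulnerable, it is worth confirming that ports 8888 and 8025 are listening on loopback only before you start working with the lab. The script below is an added example, not part of the crAPI project: check_lab_exposure is a hypothetical helper name, it assumes the ss tool from iproute2 is installed, and the sample listener lines are constructed.

```shell
#!/bin/sh
# Added example: confirm the crAPI lab ports listen on loopback only.
# 8888 (web UI) and 8025 (mail server) are the ports named in this tutorial.
LAB_PORTS="8888 8025"

# check_lab_exposure (hypothetical helper): reads `ss -ltn` output on stdin and
# prints one line per lab port: "<port> loopback", "<port> exposed <addr>" or
# "<port> down". Returns 1 if any lab port has a non-loopback listener.
check_lab_exposure() {
    awk -v ports="$LAB_PORTS" '
        BEGIN {
            n = split(ports, want, " ")
            for (i = 1; i <= n; i++) state[want[i]] = "down"
        }
        $1 == "LISTEN" {
            # Split at the last colon so IPv6 forms such as [::1]:8888 parse.
            idx = match($4, /:[0-9]+$/)
            if (idx == 0) next
            addr = substr($4, 1, idx - 1)
            port = substr($4, idx + 1)
            if (!(port in state)) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) {
                if (state[port] == "down") state[port] = "loopback"
            } else {
                state[port] = "exposed " addr   # wildcard or routable address
            }
        }
        END {
            rc = 0
            for (i = 1; i <= n; i++) {
                print want[i], state[want[i]]
                if (state[want[i]] ~ /^exposed/) rc = 1
            }
            exit rc
        }'
}

# Constructed samples of `ss -ltn` output (not captured from a real host).
SAMPLE_SAFE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:8888     0.0.0.0:*
LISTEN 0      4096   127.0.0.1:8025     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_EXPOSED='LISTEN 0      4096   0.0.0.0:8888       0.0.0.0:*
LISTEN 0      4096   [::]:8888          [::]:*'

printf '%s\n' "$SAMPLE_SAFE" | check_lab_exposure
printf '%s\n' "$SAMPLE_EXPOSED" | check_lab_exposure || echo "lab port reachable from other hosts"
# On the lab machine: ss -ltn | check_lab_exposure
```

A port reported as "exposed" means other hosts on the network can reach the vulnerable application; stop the containers and restrict the published address before continuing.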
Conclusion
This tutorial explained crAPI and taught how to set it up on a Linux machine.