{"id":7381,"date":"2018-03-06T07:39:31","date_gmt":"2018-03-06T06:39:31","guid":{"rendered":"https:\/\/hansesecure.de\/2018\/03\/howto-exploitdev-fuzzing\/"},"modified":"2018-03-06T07:39:31","modified_gmt":"2018-03-06T06:39:31","slug":"howto-exploitdev-fuzzing","status":"publish","type":"post","link":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/","title":{"rendered":"HowTo: ExploitDev Fuzzing"},"content":{"rendered":"

\"\"<\/a><\/p>\n

This is a short usage guide which should explain my simple wrapper for the spike fuzzer, which you can find here<\/a>.<\/p>\n

For this example i used the well known vulnserver<\/a> \ud83d\ude09<\/p>\n

0x01 Determine possible commands<\/h1>\n

A simple nc && HELP command revealing all possible commands.<\/p>\n

\"\"<\/a><\/p>\n

0x02 Create Text File containing commands<\/h1>\n

Just Copy&Paste \ud83d\ude09<\/p>\n

\"\"<\/a><\/p>\n

0x03 Fire Up my First helper and choose your variables for Fuzzing<\/h1>\n

Just type:<\/p>\n

python netStream2spike.py -f [yourCommandFile]<\/code>
\nAfter that you will find a fuzz.spk file which contains all your requests in the valid spike syntax. The next step is to choose your variables which should be fuzzed. Just alter <\/em> s_string (“Var1”);<\/em> into s_string_variable(“Var”)<\/em>;<\/p>\n

You can also fuzz http services. For this purpose you can capture the request via wireshark, follow the tcp stream and copy it into yourCommandFile. After executing my script just delete all lines containing \/\/New requestLine: except the first one.<\/p>\n\n\n\n\n
original code<\/strong><\/td>\naltered code<\/strong><\/td>\n<\/tr>\n
\"\"<\/a><\/td>\n\"\"<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

0x04 Let’s break Things!<\/h1>\n

Time to Fuzz!<\/p>\n

fuzzing.py -f fuzz.spk -p 9999 $ip<\/code><\/p>\n

This wrapper will create single spike config files for each request from your fuzz.spk template. You can also submit another file which contains an auth request (for example: user user \\n pass pass<\/em>)
\nAt the next stage it will fuzz through all config files and you only have to wait for your crash;-)<\/p>\n

\"\"<\/a><\/p>\n

0x05 Find the Crashing Variable<\/h1>\n

You can choose several ways to find the right config file.<\/p>\n\n\n\n\n
Ctrl + C<\/b><\/td>\nlast_spk file in your pwd<\/b><\/td>\n<\/tr>\n
\"\"<\/a><\/td>\n\"\"<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

0x06 Retest the crash with the config file and start your exploitDev<\/h1>\n

Start your spike fuzzer manually and check the config while for the crash. After that you can proceed to develop your evil && fancy exploit (another tutorial for this will follow, at first you can look at this<\/a> example \ud83d\ude09<\/p>\n

\"\"<\/a><\/p>\n

I hope this small wrapper will help you and maybe you follow me on Github<\/a> or Twitter<\/a>\ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"

This is a short usage guide which should explain my simple wrapper for the spike fuzzer, which you can find here. For this example i used the well known vulnserver \ud83d\ude09 0x01 Determine possible commands A simple nc && HELP command revealing all possible commands. 0x02 Create Text File containing commands Just Copy&Paste \ud83d\ude09 0x03 Fire […]<\/p>\n","protected":false},"author":2,"featured_media":7036,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[257],"tags":[269,272,276,266,280,278,274],"class_list":["post-7381","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-deep-dive-techniques","tag-assembler-en","tag-bufferoverflow-en-2","tag-exploit-en-2","tag-migration-en","tag-osce-en-2","tag-research-en-2","tag-shellcode-en"],"acf":[],"yoast_head":"\nHowTo: ExploitDev Fuzzing – HanseSecure GmbH<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HowTo: ExploitDev Fuzzing – HanseSecure GmbH\" \/>\n<meta property=\"og:description\" content=\"This is a short usage guide which should explain my simple wrapper for the spike fuzzer, which you can find here. For this example i used the well known vulnserver \ud83d\ude09 0x01 Determine possible commands A simple nc && HELP command revealing all possible commands. 0x02 Create Text File containing commands Just Copy&Paste \ud83d\ude09 0x03 Fire […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/\" \/>\n<meta property=\"og:site_name\" content=\"HanseSecure GmbH\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/hansesecure\" \/>\n<meta property=\"article:published_time\" content=\"2018-03-06T06:39:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hansesecure.de\/wp-content\/uploads\/2018\/03\/blog-fuzzing.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"HanseSecure\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberWarship\" \/>\n<meta name=\"twitter:site\" content=\"@CyberWarship\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"HanseSecure\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/\"},\"author\":{\"name\":\"HanseSecure\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/person\\\/6ec6ef4887ff2fc97a14f1a7f390f593\"},\"headline\":\"HowTo: ExploitDev Fuzzing\",\"datePublished\":\"2018-03-06T06:39:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/\"},\"wordCount\":319,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2018\\\/03\\\/blog-fuzzing.jpg\",\"keywords\":[\"Assembler\",\"BufferOverflow\",\"exploit\",\"Migration\",\"OSCE\",\"Research\",\"Shellcode\"],\"articleSection\":[\"Deep Dive Techniques\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/\",\"name\":\"HowTo: ExploitDev Fuzzing – HanseSecure GmbH\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2018\\\/03\\\/blog-fuzzing.jpg\",\"datePublished\":\"2018-03-06T06:39:31+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2018\\\/03\\\/blog-fuzzing.jpg\",\"contentUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2018\\\/03\\\/blog-fuzzing.jpg\",\"width\":400,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2018\\\/03\\\/howto-exploitdev-fuzzing\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HowTo: ExploitDev Fuzzing\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\",\"name\":\"HanseSecure GmbH\",\"description\":\"Choose the Intruder\",\"publisher\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\",\"name\":\"HanseSecure GmbH\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png\",\"contentUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png\",\"width\":512,\"height\":512,\"caption\":\"HanseSecure GmbH\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/facebook.com\\\/hansesecure\",\"https:\\\/\\\/x.com\\\/CyberWarship\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/hansesecure\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCAABbKOA_stDFkEKS3MSF7Q\",\"https:\\\/\\\/www.instagram.com\\\/hansesecure\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/person\\\/6ec6ef4887ff2fc97a14f1a7f390f593\",\"name\":\"HanseSecure\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"caption\":\"HanseSecure\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HowTo: ExploitDev Fuzzing – HanseSecure GmbH","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/","og_locale":"en_US","og_type":"article","og_title":"HowTo: ExploitDev Fuzzing – HanseSecure GmbH","og_description":"This is a short usage guide which should explain my simple wrapper for the spike fuzzer, which you can find here. For this example i used the well known vulnserver \ud83d\ude09 0x01 Determine possible commands A simple nc && HELP command revealing all possible commands. 0x02 Create Text File containing commands Just Copy&Paste \ud83d\ude09 0x03 Fire […]","og_url":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/","og_site_name":"HanseSecure GmbH","article_publisher":"https:\/\/facebook.com\/hansesecure","article_published_time":"2018-03-06T06:39:31+00:00","og_image":[{"width":400,"height":300,"url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2018\/03\/blog-fuzzing.jpg","type":"image\/jpeg"}],"author":"HanseSecure","twitter_card":"summary_large_image","twitter_creator":"@CyberWarship","twitter_site":"@CyberWarship","twitter_misc":{"Written by":"HanseSecure","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/#article","isPartOf":{"@id":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/"},"author":{"name":"HanseSecure","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/person\/6ec6ef4887ff2fc97a14f1a7f390f593"},"headline":"HowTo: ExploitDev Fuzzing","datePublished":"2018-03-06T06:39:31+00:00","mainEntityOfPage":{"@id":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/"},"wordCount":319,"commentCount":0,"publisher":{"@id":"https:\/\/hansesecure.de\/en\/#organization"},"image":{"@id":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/#primaryimage"},"thumbnailUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2018\/03\/blog-fuzzing.jpg","keywords":["Assembler","BufferOverflow","exploit","Migration","OSCE","Research","Shellcode"],"articleSection":["Deep Dive Techniques"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/","url":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/","name":"HowTo: ExploitDev Fuzzing – HanseSecure GmbH","isPartOf":{"@id":"https:\/\/hansesecure.de\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/#primaryimage"},"image":{"@id":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/#primaryimage"},"thumbnailUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2018\/03\/blog-fuzzing.jpg","datePublished":"2018-03-06T06:39:31+00:00","breadcrumb":{"@id":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/#primaryimage","url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2018\/03\/blog-fuzzing.jpg","contentUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2018\/03\/blog-fuzzing.jpg","width":400,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/hansesecure.de\/en\/2018\/03\/howto-exploitdev-fuzzing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/hansesecure.de\/en\/"},{"@type":"ListItem","position":2,"name":"HowTo: ExploitDev Fuzzing"}]},{"@type":"WebSite","@id":"https:\/\/hansesecure.de\/en\/#website","url":"https:\/\/hansesecure.de\/en\/","name":"HanseSecure GmbH","description":"Choose the Intruder","publisher":{"@id":"https:\/\/hansesecure.de\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hansesecure.de\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hansesecure.de\/en\/#organization","name":"HanseSecure GmbH","url":"https:\/\/hansesecure.de\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/logo\/image\/","url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2023\/05\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png","contentUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2023\/05\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png","width":512,"height":512,"caption":"HanseSecure GmbH"},"image":{"@id":"https:\/\/hansesecure.de\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/hansesecure","https:\/\/x.com\/CyberWarship","https:\/\/www.linkedin.com\/company\/hansesecure","https:\/\/www.youtube.com\/channel\/UCAABbKOA_stDFkEKS3MSF7Q","https:\/\/www.instagram.com\/hansesecure\/"]},{"@type":"Person","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/person\/6ec6ef4887ff2fc97a14f1a7f390f593","name":"HanseSecure","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","caption":"HanseSecure"}}]}},"_links":{"self":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/comments?post=7381"}],"version-history":[{"count":0,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7381\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/media\/7036"}],"wp:attachment":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/media?parent=7381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/categories?post=7381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/tags?post=7381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}