API 04


This exercise covers how one can inspect JavaScript code to identify unused endpoints.

PRO Tier | Easy | < 1 Hr. | 1817 | API Badge

In this challenge, you will be tasked with reviewing the JavaScript code on a web page to uncover a hidden endpoint. The challenge revolves around an Angular-based web application named "approval." By inspecting the source code, you will identify the Angular application name from the ng-app attribute in the HTML.

From there, you will delve into the JavaScript files, searching for the Angular module named "approval." Within this module, you will discover various components, such as controllers and functions, including one named get_secret. This function is not directly called within the user interface, but you can invoke it by sending a POST request to the /getsecret endpoint, ultimately revealing the key needed to complete this challenge.
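The inspection described above, written as a review-side audit; this is an added example, not PentesterLab's code. It reads the ng-app name, lists the $http calls inside each $scope function, and reports the ones no template attribute invokes. The sample source, the template, RequestCtrl, and every route other than /getsecret are constructed assumptions.

```javascript
// Constructed sample source and template (not taken from the exercise).
const sampleJs = `
angular.module('approval', []).controller('RequestCtrl', function ($scope, $http) {
  $scope.list_requests = function () {
    $http.get('/requests').then(function (r) { $scope.items = r.data; });
  };
  $scope.approve = function (id) { $http.post('/approve', { id: id }); };
  $scope.get_secret = function () {
    $http.post('/getsecret', {}).then(function (r) { $scope.secret = r.data; });
  };
});`;
const sampleHtml = `
<html ng-app="approval"><body ng-controller="RequestCtrl" ng-init="list_requests()">
  <li ng-repeat="i in items"><button ng-click="approve(i.id)">Approve</button></li>
</body></html>`;

// Application name from the ng-app attribute.
function appName(html) {
  const m = /ng-app\s*=\s*["']([^"']+)["']/.exec(html);
  return m ? m[1] : null;
}

// Pair each $scope function with the $http calls in its body. Heuristic:
// a body runs until the next $scope function assignment.
function scopeEndpoints(js) {
  const starts = [...js.matchAll(/\$scope\.(\w+)\s*=\s*function\s*\(/g)];
  const callRe = /\$http\.(get|post|put|delete|patch)\s*\(\s*['"]([^'"]+)['"]/g;
  return starts.flatMap((m, i) => {
    const end = i + 1 < starts.length ? starts[i + 1].index : js.length;
    return [...js.slice(m.index, end).matchAll(callRe)]
      .map(c => ({ fn: m[1], method: c[1].toUpperCase(), path: c[2] }));
  });
}

// Endpoints whose wrapping function no ng-* attribute in the template calls.
function unusedEndpoints(html, js) {
  const app = appName(html);
  if (!app || !js.includes(`angular.module('${app}'`)) return [];
  const exprs = [...html.matchAll(/ng-[\w-]+\s*=\s*"([^"]*)"/g)].map(m => m[1]).join(' ');
  return scopeEndpoints(js)
    .filter(e => !new RegExp(`\\b${e.fn}\\s*\\(`).test(exprs));
}

console.log(unusedEndpoints(sampleHtml, sampleJs));
```

Any route this reports is visible to everyone who downloads the bundle, so it needs server-side authorization or removal from both client and server.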
