API 04
Bookmarked!This exercise covers how one can inspect JavaScript code to identify unused endpoints.
In this challenge, you will be tasked with reviewing the JavaScript code on a web page to uncover a hidden endpoint. The challenge revolves around an Angular-based web application named "approval." By inspecting the source code, you will identify the Angular application name from the ng-app
attribute in the HTML.
From there, you will delve into the JavaScript files, searching for the Angular module named "approval." Within this module, you will discover various components, such as controllers and functions, including one named get_secret
. This function is not directly called within the user interface, but you can invoke it by sending a POST request to the /getsecret
endpoint, ultimately revealing the key needed to complete this challenge.