API 04

This exercise covers how one can inspect JavaScript code to identify unused endpoints.

PRO Tier | Easy | < 1 Hr. | 1651 | API Badge

In this challenge, you will be tasked with reviewing the JavaScript code on a web page to uncover a hidden endpoint. The challenge revolves around an Angular-based web application named "approval." By inspecting the source code, you will identify the Angular application name from the `ng-app` attribute in the HTML.

From there, you will delve into the JavaScript files, searching for the Angular module named "approval." Within this module, you will discover various components, such as controllers and functions, including one named `get_secret`. This function is not directly called within the user interface, but you can invoke it by sending a POST request to the `/getsecret` endpoint, ultimately revealing the key needed to complete this challenge.
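The same review can be run from the maintainer's side. The following is an added example, not PentesterLab's code: a Node.js sketch that reads the `ng-app` name, lists each `$scope` function with the `$http` endpoint it calls, and reports the ones that nothing in the template or script invokes, so they can be removed or checked for server-side authorization. The sample template, `MainCtrl`, and the `/approve` and `/reject` routes are constructed; only `approval`, `get_secret` and `/getsecret` come from the text above.

```javascript
// Constructed sample template and script; not the exercise's real files.
const SAMPLE_HTML = `<html ng-app="approval"><body ng-controller="MainCtrl">
  <button ng-click="approve(item.id)">Approve</button>
  <button ng-click="reject(item.id)">Reject</button>
</body></html>`;
const SAMPLE_JS = `
angular.module('approval', []).controller('MainCtrl', function ($scope, $http) {
  $scope.approve = function (id) { return $http.post('/approve', { id: id }); };
  $scope.reject = function (id) { return $http.post('/reject', { id: id }); };
  $scope.get_secret = function () { return $http.post('/getsecret', {}); };
});`;

// Application name as declared by the ng-app attribute.
function appName(html) {
  const m = /ng-app\s*=\s*["']([^"']+)["']/.exec(html);
  return m ? m[1] : null;
}

// Each $scope function with the $http.<verb>('literal') endpoints it calls.
// Assumes flat controllers: a function's body runs until the next definition.
function scopeEndpoints(js) {
  const defs = [...js.matchAll(/\$scope\.(\w+)\s*=\s*function\b/g)];
  return defs.map((d, i) => {
    const end = i + 1 < defs.length ? defs[i + 1].index : js.length;
    const calls = js.slice(d.index, end)
      .matchAll(/\$http\.(get|post|put|patch|delete)\(\s*["']([^"']+)["']/g);
    return { fn: d[1], endpoints: [...calls].map(c => `${c[1].toUpperCase()} ${c[2]}`) };
  });
}

// Endpoint-bearing functions that no template expression or script call uses.
function unreferenced(html, js) {
  return scopeEndpoints(js).filter(({ fn, endpoints }) => {
    const inTemplate = new RegExp(`\\b${fn}\\s*\\(`).test(html);
    const inScript = new RegExp(`\\.${fn}\\s*\\(`).test(js); // "= function" is not a call
    return endpoints.length > 0 && !inTemplate && !inScript;
  });
}

function audit(html, js) {
  const app = appName(html);
  const moduleFound = app !== null &&
    ['"', "'"].some(q => js.includes(`angular.module(${q}${app}${q}`));
  return { app, moduleFound, unused: unreferenced(html, js) };
}

console.log(JSON.stringify(audit(SAMPLE_HTML, SAMPLE_JS), null, 2));
```

Calls written as `$http({ method, url })` or with a computed URL are not matched by this sketch and would need a real parser.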
