API 05

This exercise covers how one can inspect JavaScript code to identify unused endpoints.

PRO Tier · Easy · < 1 Hr. · 1578 · API Badge


In this challenge, you need to inspect the JavaScript code of a web page to uncover a hidden endpoint. The JavaScript code has been compressed, adding a layer of difficulty. To expedite your review, you should base your search on the name of the Angular application, which you can retrieve from the `ng-app` attribute in the HTML page. Once you identify the Angular application name, you can proceed to locate the relevant code.

The video walkthrough explains the process in detail. Start by viewing the source code of the page and note that it's an Angular app. The Angular module name is "approval." Because the compressed code is hard to read, run it through a JavaScript beautifier first. After beautifying the code, search for the Angular module "approval" and identify the hidden endpoint. The endpoint requires a POST request to retrieve the key for the challenge. Using tools like `curl`, you can send the POST request and obtain the key to complete the challenge.
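The same review can be run by the application's own team as an inventory check: list every endpoint that the module named in `ng-app` references and compare it with the documented API. The script below is an added example, not code from the exercise; the sample bundle, its endpoint paths and the `DOCUMENTED` list are constructed for illustration, and the pattern matching is a heuristic that only sees URL string literals.

```javascript
// Constructed sample of a minified AngularJS bundle (not the exercise's code).
const SAMPLE_BUNDLE =
  'angular.module("other",[]).run(["$http",function(n){n.get("/api/other")}]);' +
  'angular.module("approval",[]).controller("c",["$http",function(t){' +
  'this.list=function(){return t.get("/api/items")};' +
  'this.save=function(e){return t({method:"PUT",url:"/api/items/"+e.id,data:e})};' +
  'this.old=function(){return t.post("/api/legacy/export",{})}}]);';

// Hypothetical list of endpoints the team has documented and still uses.
const DOCUMENTED = ["/api/items", "/api/items/"];

// Keep only the code that follows angular.module("<name>" ...), so the
// search is scoped to the application named in ng-app.
function moduleSource(src, name) {
  return src.split("angular.module(").filter((seg) => {
    const s = seg.trimStart();
    return /^["']/.test(s) && s.startsWith(name, 1) && s[1 + name.length] === s[0];
  }).join("\n");
}

// Minifiers rename $http, so match on the call shape instead:
// x.post("/path", ...) and x({method:"PUT", url:"/path", ...}).
function extractEndpoints(src) {
  const found = [];
  const call = /\.(get|post|put|delete|patch|head)\(\s*(["'])((?:\/|https?:)[^"']*)\2/g;
  const cfg = /method\s*:\s*(["'])(\w+)\1\s*,\s*url\s*:\s*(["'])([^"']*)\3/g;
  for (const m of src.matchAll(call)) found.push({ method: m[1].toUpperCase(), url: m[3] });
  for (const m of src.matchAll(cfg)) found.push({ method: m[2].toUpperCase(), url: m[4] });
  return found;
}

// Endpoints shipped in the client code that are missing from the inventory.
function undocumentedEndpoints(src, moduleName, documented) {
  return extractEndpoints(moduleSource(src, moduleName))
    .filter((e) => !documented.includes(e.url));
}

console.log(undocumentedEndpoints(SAMPLE_BUNDLE, "approval", DOCUMENTED));
```

Anything this reports is reachable by whoever reads the bundle, so the endpoint needs server-side authorization or removal regardless of whether the UI still calls it.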
