API 06

This exercise covers how to inspect a web application's JavaScript to identify hidden (unused or unadvertised) API endpoints, and how to call one of them from outside the browser.

Tier: PRO | Difficulty: Easy | Duration: < 1 Hr. | 1307 | Badge: API Badge


In this challenge, you examine the JavaScript of an Angular application to uncover a hidden endpoint. The bundle is minified, so run it through a JS beautifier first to make it readable. Once beautified, search for the Angular module name, "Approval", and read the controller code around it: the URLs passed to the HTTP calls in that module are the application's endpoints, including ones no visible page ever triggers.

To retrieve the key you must get past the Rails CSRF protection. Rails rejects state-changing (non-GET) requests that do not carry an authenticity token matching the one bound to the current session, so a request replayed from a script needs two things: the session cookie and a CSRF token that was issued for that same session. Watch the browser's network activity to see which cookie the application sets and how it sends the token (Rails' conventional form is the X-CSRF-Token request header, with the same value also exposed in the csrf-token meta tag), copy both into your own request, and the hidden endpoint will accept it. Copying only the token, or only the cookie, is not enough, because the check compares the two against each other.
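The following added example (it is not PentesterLab's exercise code, and every sample it contains is constructed here) puts the two steps together: it mines a minified Angular bundle for the endpoints referenced inside the "Approval" module, pulls the token out of the csrf-token meta tag, and builds a request carrying the session cookie plus X-CSRF-Token header. It also goes one step beyond the text and shows why two tokens copied from the same session can look completely different yet both be valid: Rails masks each token with a random one-time pad before emitting it, and the server unmasks it before comparing. The module name, paths, cookie name `_app_session` and token bytes are all assumptions made for the sample.

```python
"""
Mining a minified Angular bundle for endpoints and replaying a request
that satisfies Rails' CSRF check.  Added example, not the exercise's own
code.  The bundle, HTML, cookie name and token bytes below are constructed
for illustration only.
"""
import base64
import re
import urllib.request

TOKEN_LEN = 32  # Rails' AUTHENTICITY_TOKEN_LENGTH

# Constructed stand-in for the minified bundle; a real one is far longer.
MINIFIED_JS = (
    'angular.module("Approval",[]).controller("ApprovalCtrl",function(a,b){'
    'b.get("/api/approvals").then(function(c){a.items=c.data});'
    'a.approve=function(d){return b.post("/api/approvals/"+d.id+"/approve",{})};'
    'a.key=function(){return b.post("/api/approvals/secret_key",{})}});'
    'angular.module("Other",[]).controller("OtherCtrl",function(a,b){'
    'b.get("/api/other")})'
)

# Constructed stand-in for a Rails layout rendered with csrf_meta_tags.
HTML_TEMPLATE = (
    '<html><head>'
    '<meta name="csrf-param" content="authenticity_token" />'
    '<meta name="csrf-token" content="{token}" />'
    '</head><body></body></html>'
)


def extract_endpoints(js, module_name):
    """Return the path-like string literals that appear inside the given
    angular.module(...) declaration, in order, without duplicates.
    Concatenated paths such as "/api/approvals/"+id+"/approve" show up as
    fragments; that is the cue to read the beautified code by hand."""
    start = js.find('angular.module("%s"' % module_name)
    if start < 0:
        return []
    nxt = js.find("angular.module(", start + 1)
    region = js[start: nxt if nxt >= 0 else len(js)]
    found = []
    for path in re.findall(r'["\'](/[^"\']*)["\']', region):
        if path not in found:
            found.append(path)
    return found


def extract_csrf_token(html):
    """Pull the token Rails puts in <meta name="csrf-token" content="...">."""
    m = re.search(r'<meta\s+name="csrf-token"\s+content="([^"]+)"', html)
    return m.group(1) if m else None


def _b64decode_lenient(s):
    # Older Rails used standard base64, newer Rails url-safe without padding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mask_rails_token(raw_token, one_time_pad):
    """Rails' masking scheme: emit pad || (pad XOR token), base64-encoded."""
    assert len(raw_token) == TOKEN_LEN and len(one_time_pad) == TOKEN_LEN
    enc = bytes(p ^ t for p, t in zip(one_time_pad, raw_token))
    return base64.urlsafe_b64encode(one_time_pad + enc).decode().rstrip("=")


def unmask_rails_token(masked):
    """Recover the per-session token the server actually compares against."""
    data = _b64decode_lenient(masked)
    if len(data) == TOKEN_LEN:          # legacy unmasked form
        return data
    if len(data) != 2 * TOKEN_LEN:
        raise ValueError("unexpected masked token length %d" % len(data))
    pad, enc = data[:TOKEN_LEN], data[TOKEN_LEN:]
    return bytes(p ^ e for p, e in zip(pad, enc))


def build_request(url, session_cookie, masked_token, cookie_name="_app_session"):
    """Build (but do not send) a POST that carries both halves of the CSRF
    check: the session cookie and a token issued for that session."""
    req = urllib.request.Request(url, data=b"{}")  # data => POST
    req.add_header("Cookie", "%s=%s" % (cookie_name, session_cookie))
    req.add_header("X-CSRF-Token", masked_token)
    req.add_header("Content-Type", "application/json")
    req.add_header("Accept", "application/json")
    return req


if __name__ == "__main__":
    print(extract_endpoints(MINIFIED_JS, "Approval"))
    raw = bytes(range(TOKEN_LEN))                     # constructed token
    page = HTML_TEMPLATE.format(token=mask_rails_token(raw, b"\x01" * TOKEN_LEN))
    tok = extract_csrf_token(page)
    req = build_request("https://example.invalid/api/approvals/secret_key",
                        "constructed-session-value", tok)
    print(req.get_method(), req.full_url, req.headers)
```

To send the request, pass it to `urllib.request.urlopen`; if the server answers 422 (Rails' InvalidAuthenticityToken) the cookie and token do not belong to the same session, so re-copy both from one fresh page load. Rails also accepts the token as the `authenticity_token` form parameter named by the csrf-param meta tag, which is the route to take when the endpoint expects form-encoded rather than JSON bodies.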
