API 07

This exercise covers how to inspect JavaScript code to identify an information leak.

PRO
Tier
Medium
< 1 Hr.
1156
API Badge


This challenge focuses on identifying an information leak by analyzing the JavaScript of the page. The primary objective is to scrutinize the Angular application defined in the HTML page. By locating the `ng-app` attribute, you can quickly identify the name of the Angular application and streamline your search.

In the video, we explored an approval application where navigating to the home page redirects users to the login page if they are not authenticated. By examining the source code, we discovered that the application uses the "Devise" library for authentication and found that the state provider redirects users based on their login status. By further analyzing the JavaScript and HTML templates, we identified sensitive information that should not be accessible, highlighting the importance of thoroughly reviewing client-side protections.
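The review described above, as an added example (not the exercise's application and not PentesterLab's code): a Node.js script that reads the application name from `ng-app` and lists each ui-router state whose only visible guard is a redirect performed in the browser. The markup, the module name `approvalApp`, the state names and the template paths are constructed for illustration.

```javascript
// Constructed sample input (not the exercise's real markup or code).
const sampleHtml = '<html ng-app="approvalApp"><body><ui-view></ui-view></body></html>';
const sampleJs = `
angular.module('approvalApp', ['ui.router', 'Devise'])
.config(function ($stateProvider) {
  $stateProvider
    .state('home', { url: '/home', templateUrl: 'home/_home.html',
      onEnter: function ($state, Auth) { if (!Auth.isAuthenticated()) { $state.go('login'); } } })
    .state('login', { url: '/login', templateUrl: 'auth/_login.html' });
});`;

// Name of the Angular application, taken from ng-app or data-ng-app.
function findAppName(html) {
  const m = /\b(?:data-)?ng-app\s*=\s*["']([^"']+)["']/i.exec(html);
  return m ? m[1] : null;
}

// Text of the object literal whose "{" sits at index `open`.
// Simplification: braces inside string literals are not handled.
function objectBody(src, open) {
  let depth = 0;
  for (let i = open; i < src.length; i++) {
    if (src[i] === '{') depth++;
    else if (src[i] === '}' && --depth === 0) return src.slice(open, i + 1);
  }
  return src.slice(open); // unbalanced input: return the remainder
}

// ui-router states with their template and whether the state definition
// contains a client-side redirect ($state.go or $location.path).
function listStates(js) {
  const states = [];
  const re = /\.state\(\s*["']([^"']+)["']\s*,\s*\{/g;
  let m;
  while ((m = re.exec(js)) !== null) {
    const body = objectBody(js, re.lastIndex - 1);
    const tpl = /templateUrl\s*:\s*["']([^"']+)["']/.exec(body);
    const redirect = /\$state\.go\(|\$location\.path\(/.test(body);
    states.push({ name: m[1], templateUrl: tpl ? tpl[1] : null, clientSideRedirect: redirect });
  }
  return states;
}

// Templates to review: the browser can request them regardless of the redirect.
function templatesToReview(js) {
  return listStates(js).filter((s) => s.clientSideRedirect).map((s) => s.templateUrl);
}

console.log(findAppName(sampleHtml), templatesToReview(sampleJs));
```

Each path it returns is a static file the server will serve unless it checks the session itself, so those templates and the bundle that references them must hold nothing sensitive or must sit behind server-side authorization.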
