API Payments 02

This exercise covers a simple payments bypass.

< 1 Hr.
API Badge


In this challenge, your goal is to get more familiar with the flow of a shopping application that relies on a payment gateway to handle payments. When clients decide to check out, they get redirected to the payment gateway, where the online store provides an amount to pay. The payment gateway, however, may not handle this amount securely. Through this lab, you will discover how to exploit this behavior to avoid paying the full amount.

During the challenge, you will add items to the cart and proceed to checkout, redirecting you to the payment gateway. By inspecting the form and using tools like Burp Suite in intercept mode, you will learn how to tamper with the amount field in the request. This will allow you to manipulate the payment amount, eventually leading you to obtain the key for the challenge. This exercise highlights the importance of ensuring that payment gateways securely handle the amount paid and that applications verify the amount matches the expected sum.

Want to learn more? Get started with PentesterLab Pro! GO PRO