API Payments 03

This exercise covers a simple payments bypass.

PRO | Tier | Medium | < 1 Hr. | 858 | API Badge


In this challenge, you will explore a shopping application that relies on an external payment gateway to handle transactions. When users decide to check out, they are redirected to the payment gateway, with the online store providing the amount to be paid based on the cart's contents. The objective is to identify a method to reduce the payment amount and successfully obtain the key for the challenge.

The course content and video guide you through adding items to the cart, checking out, and intercepting the payment request using tools like Burp Suite. By manipulating the quantity values, such as adding negative quantities, you can reduce the total amount to be paid. The challenge demonstrates the importance of understanding and testing the security of the checkout process in shopping applications.
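The server-side fix for the flaw described above, shown beside the vulnerable calculation. This is an added example, not code from the exercise or from PentesterLab; the catalogue, cart shape, quantity limit, function names and the gateway callback step are all assumptions.

```python
from decimal import Decimal

# Constructed catalogue: prices are looked up server-side, never taken from the client.
CATALOGUE = {"book": Decimal("12.50"), "pen": Decimal("1.20")}
MAX_QTY = 100  # assumed per-line upper bound


class CartError(ValueError):
    """Raised when a cart line cannot be trusted."""


def naive_total(cart):
    """'Before': trusts client quantities, so a negative line lowers the total."""
    return sum(CATALOGUE[sku] * qty for sku, qty in cart)


def validated_total(cart):
    """'After': reject bad lines, then compute the amount sent to the gateway."""
    if not cart:
        raise CartError("empty cart")
    total = Decimal("0")
    for sku, qty in cart:
        if sku not in CATALOGUE:
            raise CartError(f"unknown item: {sku!r}")
        # type() check excludes bool, float and str; range check excludes <= 0
        if type(qty) is not int or not 1 <= qty <= MAX_QTY:
            raise CartError(f"invalid quantity for {sku!r}: {qty!r}")
        total += CATALOGUE[sku] * qty
    return total


def reconcile(expected, gateway_paid):
    """Assumed gateway callback step: fulfil only if the paid amount matches."""
    return Decimal(gateway_paid) == expected


if __name__ == "__main__":
    tampered = [("book", 1), ("pen", -10)]  # constructed sample cart
    print("naive total:", naive_total(tampered))
    try:
        validated_total(tampered)
    except CartError as exc:
        print("rejected:", exc)
    order = validated_total([("book", 1), ("pen", 2)])
    print("valid total:", order, "paid in full:", reconcile(order, "14.90"))
```

Validating quantities at checkout and reconciling the amount the gateway reports against the order total are independent controls; the second still catches a reduced payment if the first is missed on some code path.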
