API Payments 07

This exercise covers a way to manipulate a shopping cart to lower the total amount.

PRO
Tier
Medium
< 1 Hr.
554
API Badge


In this challenge, your goal is to get more familiar with the flow of a shopping application that relies on a payment gateway to handle transactions. When clients decide to check out, they are redirected to the payment gateway. The online store provides an amount to pay to the payment gateway based on the quantity and price of the items in the cart. Your task is to find a way to pay less to obtain the key for this challenge.

The video walkthrough demonstrates how to intercept the checkout request using Burp Suite and tamper with the price parameter. By changing the price from $204 to $9, the server accepts the manipulated price, allowing the payment to go through for a significantly lower amount. This exercise highlights the importance of server-side validation and the risks associated with trusting client-side data.
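The server-side validation this exercise points to, as an added example that is not the challenge's own code: the amount sent to the payment gateway is recomputed from the store's price list, and a client-supplied price is only compared against it. The catalog, SKUs, request shape, quantity limit and function names are all assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalog: the server's own price list (hypothetical SKUs and prices).
CATALOG = {"book": Decimal("102.00"), "pen": Decimal("3.00")}
MAX_QTY = 100  # assumed per-line quantity limit


class CheckoutError(ValueError):
    """Raised when a checkout request must not be forwarded to the gateway."""


def amount_trusting_client(request):
    """Vulnerable pattern: the gateway amount is whatever the request says."""
    return Decimal(str(request["price"]))


def amount_from_catalog(request):
    """Hardened pattern: the gateway amount is recomputed from server-side prices."""
    if not request.get("items"):
        raise CheckoutError("empty cart")
    total = Decimal("0")
    for item in request["items"]:
        sku, qty = item.get("sku"), item.get("quantity")
        if sku not in CATALOG:
            raise CheckoutError(f"unknown item: {sku!r}")
        # Reject bools, floats, zero, negatives and oversized quantities.
        if type(qty) is not int or not 1 <= qty <= MAX_QTY:
            raise CheckoutError(f"invalid quantity for {sku!r}: {qty!r}")
        total += CATALOG[sku] * qty
    # A client-supplied price is only compared, never used; a mismatch is
    # worth rejecting and logging as a tampering signal.
    if "price" in request:
        try:
            claimed = Decimal(str(request["price"]))
        except InvalidOperation:
            raise CheckoutError("malformed price") from None
        if claimed != total:
            raise CheckoutError(f"client price {claimed} != server total {total}")
    return total


# Constructed requests mirroring the walkthrough: same cart, price 204 vs 9.
HONEST = {"items": [{"sku": "book", "quantity": 2}], "price": "204"}
TAMPERED = {"items": [{"sku": "book", "quantity": 2}], "price": "9"}

if __name__ == "__main__":
    print("trusting client:", amount_trusting_client(TAMPERED))
    print("from catalog:   ", amount_from_catalog(HONEST))
```

The same recomputation belongs wherever the store confirms the order after payment, so the amount the gateway reports as paid is checked against the server's total rather than against anything the browser relayed.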
