Finding and Exploiting an Unused API Endpoint

Published: 19 February 2024
on channel: Intigriti

👩‍🎓👨‍🎓 Learn about API testing! To solve this lab, we'll need to exploit a hidden API endpoint to buy a Lightweight l33t Leather Jacket.

If you're struggling with the concepts covered in this lab, please review https://portswigger.net/web-security/... 🧠

🔗 @PortSwiggerTV challenge: https://portswigger.net/web-security/...

🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com

Overview:
0:00 Intro
0:10 Identifying API endpoints
1:00 Interacting with API endpoints
1:25 Identifying supported HTTP methods
2:25 Identifying supported content types
3:02 Fuzzing to find hidden endpoints
3:38 Lab: Finding and exploiting an unused API endpoint
3:54 Check for API documentation
4:21 Interact with API endpoints
5:40 Modify content-type to alter product price
6:43 Conclusion