Finding and Exploiting an Unused API Endpoint

  • Published on 3 Aug 2024
  • 👩‍🎓👨‍🎓 Learn about API testing! To solve this lab, we'll need to exploit a hidden API endpoint to buy a Lightweight l33t Leather Jacket.
    If you're struggling with the concepts covered in this lab, please review portswigger.net/web-security/... 🧠
    🔗 Portswigger challenge: portswigger.net/web-security/...
    🧑💻 Sign up and start hacking right now - go.intigriti.com/register
    👾 Join our Discord - go.intigriti.com/discord
    🎙️ This show is hosted by / _cryptocat ( ‪@_CryptoCat‬ ) & / intigriti
    👕 Do you want some Intigriti Swag? Check out swag.intigriti.com
    Overview:
    0:00 Intro
    0:10 Identifying API endpoints
    1:00 Interacting with API endpoints
    1:25 Identifying supported HTTP methods
    2:25 Identifying supported content types
    3:02 Fuzzing to find hidden endpoints
    3:38 Lab: Finding and exploiting an unused API endpoint
    3:54 Check for API documentation
    4:21 Interact with API endpoints
    5:40 Modify content-type to alter product price
    6:43 Conclusion

Comments • 7

  • @camelotenglishtuition6394 · 5 months ago · +1

    Is this CryptoCat? This guy is worth his absolute weight in gold to Intigriti. I can't tell you how much he's helped me with random questions and fine-tuning reports. Whatever he's being paid, double it.

    • @intigriti · 5 months ago · +2

      Of course it is CryptoCat! 😺 Thanks mate, really appreciated! Glad I could help you out wherever possible 🥰

    • @camelotenglishtuition6394 · 5 months ago · +1

      @intigriti One of the most helpful people I've ever worked with / got support from. 💯 (It's mack the r, btw.) If you're ever in SE Asia, best believe the beers are on me.

    • @_CryptoCat · 5 months ago

      @camelotenglishtuition6394 Actually hoping to be out that way in a couple of months' time, Thailand/Vietnam, will let you know! 🍻

  • @Official_Baba_yaga · 5 months ago · +1

    If we analysed the steps taken to solve the lab, you would realise that at no point did you "uncover an endpoint".

    • @intigriti · 5 months ago · +1

      Not too sure I get you. You mean we should have "uncovered" the endpoint through some JS file or something? Well, don't blame me if the endpoint is left exposed in the HTTP history tab - hackers gonna hack 😅

    • @camelotenglishtuition6394 · 5 months ago

      You can use something like Kiterunner; that'll save you some time.