Finding and Exploiting an Unused API Endpoint

23.8K views
Feb 19, 2024
7:09

👩‍🎓👨‍🎓 Learn about API testing! To solve this lab, we'll need to exploit a hidden API endpoint to buy a Lightweight l33t Leather Jacket. If you're struggling with the concepts covered in this lab, please review https://portswigger.net/web-security/api-testing 🧠

🔗 @PortSwiggerTV challenge: https://portswigger.net/web-security/api-testing/lab-exploiting-unused-api-endpoint

🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by https://twitter.com/_CryptoCat ( @_CryptoCat ) & https://twitter.com/intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com

Overview:
0:00 Intro
0:10 Identifying API endpoints
1:00 Interacting with API endpoints
1:25 Identifying supported HTTP methods
2:25 Identifying supported content types
3:02 Fuzzing to find hidden endpoints
3:38 Lab: Finding and exploiting an unused API endpoint
3:54 Check for API documentation
4:21 Interact with API endpoints
5:40 Modify content-type to alter product price
6:43 Conclusion
