Click the "Intercept is on" button so it changes to "Intercept is off".
Click the "Open Browser" button.
In Burp's browser, go to
https://crAPI.samsclass.info
The crAPI login page opens, as shown below.
Alternate Servers
For the Texas State Working Connections training, there is a second server to use:
Click the Network tab, outlined in green in the image below.
At the top left, click the Refresh icon, outlined in red in the image below.
Several source filenames appear. Right-click main.fd3f1560.chunk.js, outlined in blue in the image below, and click "Open in Sources Panel".
The Sources tab appears, with one very long line in red font containing all the JavaScript code, as shown below.
At lower left, click {}, outlined in green in the image below, for "pretty-print".
The display becomes much more readable, as shown below.
Click in the lower center pane, where the JavaScript code is.
On your keyboard, press command+F if you're on a Mac, or Ctrl+F if you are on a PC.
A Find box appears at the bottom. Click in the box and type
api
as shown below.
Flag AP 100.1: Word (10 pts)
Press Enter twice. Scroll down to see the list of API endpoints, as shown below. The flag is the word covered by a green rectangle in the image below.
Flag AP 100.2: External API Endpoint (10 pts)
Search all the JavaScript files used on this page, and find the URL matching the image below. The flag is the word covered by a green rectangle in the image below.
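The manual search in the Sources panel can also be scripted when you want to audit which endpoints a front-end bundle discloses. The following is an added example, not part of the original lab or of crAPI's code: it pulls string literals out of bundle text and separates same-origin API paths from URLs on other hosts. The sample bundle, the host names and the function names are constructed assumptions.

```javascript
// Constructed sample standing in for a minified bundle; not crAPI's real code.
const SAMPLE_BUNDLE =
  'var a={LOGIN:"api/auth/login",POSTS:"api/v2/community/posts/recent"};' +
  "function f(t){return fetch('/api/shop/orders/'+t)}" +
  'var m="https://maps.example.com/v1/embed?q=",h="https://app.example.test/api/health";' +
  'var s="apiary is not a path",d="api/auth/login";';

// Return the contents of every quoted string literal in the source text.
function stringLiterals(source) {
  const re = /"((?:[^"\\\n]|\\.)*)"|'((?:[^'\\\n]|\\.)*)'|`((?:[^`\\]|\\.)*)`/g;
  const out = [];
  for (const m of source.matchAll(re)) out.push(m[1] ?? m[2] ?? m[3]);
  return out;
}

// Split literals into same-origin API paths and URLs that point at other hosts.
// pageHost is the host name the page was loaded from (hypothetical parameter).
function findEndpoints(source, pageHost) {
  const paths = new Set();
  const external = new Set();
  for (const lit of stringLiterals(source)) {
    if (/^https?:\/\//i.test(lit)) {
      let url;
      try { url = new URL(lit); } catch { continue; } // skip malformed URLs
      if (url.hostname.toLowerCase() !== pageHost.toLowerCase()) {
        external.add(lit);
      } else if (/(^|\/)api(\/|$)/i.test(url.pathname)) {
        paths.add(url.pathname);
      }
    } else if (/^\/?([\w.-]+\/)*api\/[\w./{}:-]*$/i.test(lit)) {
      // Relative path with an "api" segment; normalise to a leading slash.
      paths.add(lit.startsWith("/") ? lit : "/" + lit);
    }
  }
  // Sets remove duplicates; sorting makes the report stable between runs.
  return { paths: [...paths].sort(), external: [...external].sort() };
}

console.log(findEndpoints(SAMPLE_BUNDLE, "app.example.test"));
```

To run it against a real bundle, save the file from the Sources panel and pass its text in place of SAMPLE_BUNDLE.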
Posted 5-4-22
Alternate servers added 8-11-22, removed 5-11-23
Video added 5-11-23
crapi2 server added again 7-17-23