Why can t I obtain a user token from a compromised API

0 votes
During a penetration testing exercise, I was able to access a vulnerable API endpoint, but I can’t seem to retrieve any user tokens. I expected that, after compromising the API, I would be able to extract sensitive data, including tokens.

Could there be additional security mechanisms in place preventing token retrieval, or am I missing something in my approach? What might be the reasons for this difficulty, and are there specific techniques for handling this situation when conducting a security assessment?
Oct 25 in Cyber Security & Ethical Hacking by Anupam
• 3,470 points 46 views

No answer to this question. Be the first to respond.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.

Related Questions In Cyber Security & Ethical Hacking

0 votes
0 answers

Why can't I obtain user token from a compromised API?

Why can't I obtain user token from ...READ MORE

Oct 14 in Cyber Security & Ethical Hacking by Anupam
• 3,470 points 144 views
0 votes
1 answer

Can I determine the current IP from a known MAC Address?

ARP may be used to retrieve an ...READ MORE

answered Feb 20, 2022 in Cyber Security & Ethical Hacking by Edureka
 • 12,690 points 619 views
0 votes
0 answers

How do I find and exploit an insecure API endpoint in a mobile app?

How do I find and exploit an ...READ MORE

Oct 14 in Cyber Security & Ethical Hacking by Anupam
• 3,470 points 57 views
0 votes
0 answers

How do I perform a CSRF attack to change user account settings without authorization?

How do I perform a CSRF attack ...READ MORE

Oct 14 in Cyber Security & Ethical Hacking by Anupam
• 3,470 points 72 views
0 votes
0 answers

Why am I unable to gain a shell on a remote system despite finding a vulnerability?

Why am I unable to gain a ...READ MORE

Oct 14 in Cyber Security & Ethical Hacking by Anupam
• 3,470 points 53 views
0 votes
1 answer

How do I find and exploit an insecure API endpoint in a mobile app?

In order to locate and test insecure ...READ MORE

answered Oct 24 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 2,960 points 70 views
0 votes
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 2,960 points 83 views
0 votes
1 answer

How does the LIMIT clause in SQL queries lead to injection attacks?

The LIMIT clause in SQL can indeed ...READ MORE

answered Oct 17 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 2,960 points 174 views
0 votes
1 answer

Is it safe to use string concatenation for dynamic SQL queries in Python with psycopg2?

The use of string concatenation while building ...READ MORE

answered Oct 17 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 2,960 points 67 views
0 votes
1 answer

How can I use Python for web scraping to gather information during reconnaissance?

Python is considered to be an excellent ...READ MORE

answered Oct 17 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
 • 2,960 points 82 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.