Practically, this lab made no sense to me. I tried to approach it by buying a gift card and intercepting the redeem gift card request before the gift card could be redeemed; unfortunately, sending them in parallel only had the rest of the request render an invalid coupon code. Do you think brute-forcing on Intruder with a wordlist of possible gift card codes would work? I will also try solving it with your approach :)
Brute forcing can be an option; unless there is a WAF or request throttling option in place, you can try. You also need to reduce the cache response before sending the requests in parallel; this will reduce the “jitter” time. Hope this helps!