This lab draws inspiration from Brett Buerhaus, also known as Ziot (Twitter/X: @bbuerhaus). Brett stumbled upon a web application during a BugBounty program, where the frontend JavaScript was responsible for generating signatures, ostensibly to craft "secure" requests to the application's API.

For a detailed account of Brett's findings, check out his blog entry:

https://buer.haus/2024/01/16/reversing-and-tooling-a-signed-request-hash-in-obfuscated-javascript/

Your challenge is to delve into the JavaScript code, leveraging your skills to forge your own signed requests. The ultimate goal is to uncover the contents associated with article ID 3. Be aware that this endeavor will necessitate exploiting a secondary vulnerability within the application.