HackTheBox invite using Burp

How I got the HackTheBox invite code using Burp suite.

There are much easier ways to aquire the invite code, this tutorial is by using Burp

Programs:
• Burp suite
• Firefox ESR

(1) First I set my Firefox proxy to 127.0.0.1 for Burp to interecept the traffic.

(2) Turned on Spider

(3) Looked at the sitemap and saw something interesting… inviteapi.min.js

(4) Converted the inviteapi.min.js to something more readable using beautifier.io. Saw an interesting function makeInviteCode()

(5) Sent the inviteapi.min.js file to the repeater, changed GET to POST.

(6) Saw some interesting data encoded in R0T13.

(7) Added https://www.hackthebox.eu/invite to the repeater, and POSTED the decrypted filepath

(8) Saw another interesting data and encoded in base 64, found the invite code once decrypted :)