WebVerse Tricky Tunnels Walkthrough — FastAPI Debug Endpoint Info Leak
Author: Leighlin Ramsay
Uploaded: 2026-02-20
Views: 81
Description:
In this video, I solve Tricky Tunnels, a WebVerse web/API security lab focused on a FastAPI debug endpoint information disclosure vulnerability.
This walkthrough covers a realistic API security recon and exploit chain:
robots.txt reconnaissance
FastAPI /docs (Swagger UI) exposure
/openapi.json endpoint enumeration
discovering an unauthenticated internal config endpoint
extracting sensitive data from a leaked JSON response
If you're learning web hacking, API security testing, FastAPI pentesting, or how debug endpoint exposure leads to sensitive data exposure / information disclosure, this lab is a great hands-on example.
Try Tricky Tunnels (and more WebVerse labs):
https://webverselabs.com
Read the full Tricky Tunnels blog writeup:
https://blog.webverselabs.com/webvers...
What you’ll learn in this Tricky Tunnels walkthrough:
Why robots.txt is a recon source (not access control)
How exposed FastAPI Swagger docs (/docs) help attackers enumerate routes
How /openapi.json can reveal internal API endpoints
Why unauthenticated diagnostic/config endpoints are dangerous
How information disclosure bugs can leak secrets (JWT secrets, internal URLs, flags, etc.)
A practical beginner workflow for web and API security lab enumeration
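A defender-side check for the points above, added here as an example (it is not code from the video or from WebVerse): it reads an API's own OpenAPI document and robots.txt and lists every operation that declares no security requirement, marking those whose only "protection" is a robots.txt Disallow entry. The route names, the keyword list and the sample inputs are constructed assumptions.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}
# Assumed keyword list for diagnostic-style routes; tune it for your own API.
SENSITIVE_HINTS = ("debug", "internal", "config", "admin", "diag")

def robots_disallowed(robots_txt):
    """Disallow entries are public hints to crawlers, not access control."""
    paths = []
    for line in robots_txt.splitlines():
        key, _, value = line.split("#", 1)[0].partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths

def audit_openapi(spec, robots_txt=""):
    """List operations that can be called without any credential."""
    hidden = robots_disallowed(robots_txt)
    global_security = spec.get("security", [])
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue
            # Operation-level "security" overrides the global list; [] or {} means anonymous.
            effective = op.get("security", global_security)
            if effective and all(req != {} for req in effective):
                continue
            findings.append({
                "method": method.upper(),
                "path": path,
                "sensitive_name": any(h in path.lower() for h in SENSITIVE_HINTS),
                "only_hidden_by_robots": any(path.startswith(p) for p in hidden),
            })
    # Routes whose names suggest diagnostics or configuration come first.
    return sorted(findings, key=lambda f: (not f["sensitive_name"], f["path"]))

# Constructed sample input (route names are illustrative, not taken from the lab).
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /internal/\nDisallow: /docs\n"
SAMPLE_SPEC = json.loads("""{
  "paths": {
    "/api/tunnels": {"get": {"security": [{"HTTPBearer": []}]}},
    "/api/login": {"post": {}},
    "/internal/config": {"get": {"summary": "diagnostics"}}
  }
}""")

if __name__ == "__main__":
    print(*audit_openapi(SAMPLE_SPEC, SAMPLE_ROBOTS), sep="\n")
```

Run it in CI against the spec your own service generates; any finding with only_hidden_by_robots set is a route that needs an authentication dependency or removal from the production build.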
This is an intentionally vulnerable lab for educational purposes. Practice safely and only test systems you own or are authorized to assess.
#WebVerse #WebSecurity #APISecurity #FastAPI #Pentesting #InfoDisclosure #OWASP #Swagger #OpenAPI #EthicalHacking