I’m getting a little frustrated with my latest interview/coding challenge. They want me to build a backend for an interface and if I have time add a frontend. OK, no problem. Oh, wait, one problem. The problem is before I even begin I have to crack a private API of another company. Not to do anything malicious, but to build an alternate interface to an existing account.
This just seems bizarre to me. The job has nothing to do with hacking or cracking APIs. Is this a typical job requirement? I’m not sure how I feel about this, morally. I know hacking is considered cool now, but I’ve always been one to respect other people’s property and using someone’s server (especially at a for profit company) in a way that they didn’t intend – it leaves me with a bad taste in my mouth.
I’ve never even considered learning to hack as a career move. Maybe it’s good to understand it a little at least for understanding security better.
So, I’m struggling with the challenge. I set up some MITM software and I’ve figured out a few API endpoints. I just can’t figure out how to keep myself logged in while I call other endpoints. It’s easy to do if I’m building this – I just don’t know how to figure out how to do it if I’m hacking into something.
It’s too bad – the rest of the challenge seems like it would be a snap – if I could just get past the hacking step. It seems like a good company too. And it seemed like a good fit, until now. Maybe it’s for the best.
What are people’s thoughts on this? Is it common to ask people to hack something in an interview? I guess this would be grey hat hacking? I could understand if they were asking me to hack their API, but some other company’s? Is this common? Is it ethical?