Right now, Juice-shop is lacking a very essential vulnerability, i.e. Serve side request forgery. Juice-shop doesn't have functionality to include it yet.
Here鈥檚 the unordered top 5 features that are often prone to SSRF vulnerabilities:
Webhooks: look for services that make HTTP requests when certain events happen. In most webhook features, the end user can choose their own endpoint and hostname. Try to send HTTP requests to internal services.
PDF generators: try injecting
Also, could be could be request splitting on a specific API call.
Here's a good article to reference it: https://www.rfk.id.au/blog/entry/security-bugs-ssrf-via-request-splitting/
So no SSRF chall? 馃槥