This repository has been archived by the owner on Feb 23, 2022. It is now read-only.

there is an update #11

Open
ENDMod opened this issue Nov 6, 2020 · 8 comments

Comments

@ENDMod

ENDMod commented Nov 6, 2020

There is an update that means we can't use https://quizizz.com/quiz/
Now the quiz ID is longer and it won't work for this link.

@gunt18

gunt18 commented Dec 3, 2020

Were you by any chance able to find out the new correct link for the longer quizIDs?

@kurs0n

kurs0n commented Dec 8, 2020

Okay, I found one possible method to get answers. You send a GET request to https://quizizz.com/api/main/quiz/<YOUR_QUIZ_ID>?bypassProfanity=true&returnPrivileges=true&source=join

After this you have a response with questions and answers with no authentication. But how can I get a real quiz ID before the game starts?

@Enter25565

The Android client (v4.39) sends a GET request to https://quizizz.com/recommend?quizId=(here you have quizId) after joining a game by using a pin.

@kurs0n

kurs0n commented Dec 8, 2020

Oh, maybe it will work :D Thank you. I'm starting work.

@ENDMod
Author

ENDMod commented Dec 11, 2020

> Were you by any chance able to find out the new correct link for the longer quizIDs?

not sure

@kurs0n

kurs0n commented Dec 11, 2020

> The Android client (v4.39) sends a GET request to https://quizizz.com/recommend?quizId=(here you have quizId) after joining a game by using a pin.

Have you got any solution for how to sniff this request?

@Enter25565

Yes, I sniffed that request with the help of an Xposed module (to defeat SSL pinning). Sadly, I don't know how the request is generated by the client, which is obfuscated.

@LQR471814
Owner

LQR471814 commented Jan 6, 2021

Update 1/5/2021

I recently decided to take another crack at this problem, although after a while rummaging through IDs, HTTP endpoints and requests in the web client of Quizizz, this is the hypothesis I've come to.

Likely what Quizizz has done to prevent cheating is similar to what another quiz website, Gimkit, has done. This is in the introduction of the concept of a "quiz room": a quiz room has its own separate ID, and clients interface with the quiz room instead of using the true quiz ID directly. These room IDs are likely generated whenever creating an assignment quiz or hosting a live quiz. Going through everything the web client is sent, there isn't a single trace of the true quiz ID. The 6/10 digit pin that is used to join games likely corresponds to a room ID instead of a quiz ID; this is probably true for a student join link as well.

From a pure design perspective, the client simply doesn't need the information of what the answers are. It just needs to know if an attempt is right or wrong. So it is very unlikely that there will be some magical method of extracting answers from any arbitrary quiz given only access to the client. When considering other methods of entry, it may be possible to construct some form of malicious XSS to snatch the quiz IDs from a quiz owner; that is not a line for me to cross, but others are free to try.

There may still be vulnerabilities somewhere; this is simply my hypothesis given the 30 or so minutes of web scraping I did.
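
The design described in the last comment, as an added example that is not part of the thread and not Quizizz's actual code: the server keeps the room-to-quiz mapping and the answer key to itself, sends clients only question text and options, and grades each attempt once so the right/wrong verdict cannot be replayed as an answer oracle. `RoomServer`, its methods, and the sample quiz are hypothetical names and constructed data.

```python
import secrets

# Constructed sample data; the quiz ID and questions are made up for illustration.
QUIZZES = {
    "quiz-internal-001": [
        {"text": "2 + 2 = ?", "options": ["3", "4", "5"], "answer": 1},
        {"text": "Capital of France?", "options": ["Paris", "Rome"], "answer": 0},
    ]
}


class RoomServer:
    """Hypothetical server: clients only ever see room IDs and answer-free payloads."""

    def __init__(self, quizzes):
        self._quizzes = quizzes
        self._rooms = {}     # room_id -> quiz_id, never serialized to clients
        self._answered = {}  # (room_id, player, q_index) -> bool

    def open_room(self, quiz_id):
        if quiz_id not in self._quizzes:
            raise KeyError("unknown quiz")
        # Random room ID: not derived from, and not reversible to, the quiz ID.
        room_id = secrets.token_urlsafe(16)
        self._rooms[room_id] = quiz_id
        return room_id

    def client_view(self, room_id):
        """Payload for players: allow-listed fields only, so the answer key cannot leak."""
        quiz = self._quizzes[self._rooms[room_id]]
        return [{"text": q["text"], "options": list(q["options"])} for q in quiz]

    def submit(self, room_id, player, q_index, choice):
        """Grade server-side and accept one attempt per player per question."""
        quiz = self._quizzes[self._rooms[room_id]]
        if not 0 <= q_index < len(quiz):
            raise IndexError("no such question")
        key = (room_id, player, q_index)
        if key in self._answered:
            # Without this, retrying every option would recover the answer key.
            raise PermissionError("already answered")
        correct = quiz[q_index]["answer"] == choice
        self._answered[key] = correct
        return {"correct": correct}
```
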
