GET aHEAD
Last updated
Was this helpful?
Last updated
Was this helpful?
Find the flag being held on this server to get ahead of the competition
Use Burp Suite to intercept the request of clicking the "Choose Blue" button.
Change the POST request to a HEAD request:
The returned HTML from the HEAD request in the browser will be empty, but in the HTTP history tab of Proxy in Burp Suite you can find the flag as a HTTP header in the response:
picoCTF{r3j3ct_th3_du4l1ty_cca66bd3}