In the following CTF game the player looks into HTTP communication and its request methods. It is a great opportunity to learn what happens behind the scenes while a web page loads. The game is on picoCTF.
GET aHEAD
When we open the task the following description welcomes us:
Find the flag being held on this server
to get ahead of the competition
http://mercury.picoctf.net:34561/
GET is an HTTP request method, so from this text and the title you will suspect that you have to do something with it.
Everybody knows GET and POST, so let’s look into the topic a bit more.
Use the following links as reference:
HTTP request methods are essential components of HTTP requests, allowing clients to specify the desired action to be performed on a resource. Some common HTTP request methods include GET, POST, HEAD, PUT, DELETE, CONNECT, and OPTIONS. GET and POST are widely supported, while support for other methods may be limited but expanding. GET requests are used to retrieve data, while POST requests are used to submit data to the server, often causing a change in state or side effects. HEAD requests ask for a response identical to a GET request but without the response body. PUT requests replace all current representations of the target resource with the request payload, while DELETE requests delete the specified resource. CONNECT requests establish a tunnel to the server identified by the target resource. OPTIONS requests describe the communication options for the target resource.
Read about the different HTTP methods. You will notice that there is a method called HEAD. What a coincidence! Our title says “get a HEAD” or something like that.
Start Burp Suite or your favorite tool for intercepting web communication and check those request headers!
Turn on interception in the Burp Proxy, navigate to the site, and try one of the buttons, like “Choose Red”. You will see something similar to this:
GET /index.php? HTTP/1.1
Host: mercury.picoctf.net:34561
(...)
Now “GET aHEAD” and change the GET to HEAD!
Right-click on the text and send it to the Repeater tab.
Navigate to the Repeater window.
Change the text to:
HEAD /index.php? HTTP/1.1
Host: mercury.picoctf.net:34561
Use the Send button to send the request to the web server.
The flag is in the response!
You’ve solved another CTF game.