search

GET aHEAD

https://play.picoctf.org/practice/challenge/132

  • The title of the challenge is GET aHEAD, the fact that HEAD is bolded could mean that it has something to do with the different [[HTTP request methods]]

  • Going into [[BurpSuite]], I opened up the proxy and went to the challenge website

  • after making a couple request, I opened the logger tab to see my requests, and then right clicked on one of the GET requests and sent it over to Repeater

  • I changed the GET request to a HEAD request and sent it, and it returned the flag!!!

PreviousCookiesNextIncludes

Last updated