This is one of my writeups for PicoCTF 2018.
Here's a little website that hasn't fully been finished. But I heard google gets all your info anyway. http://2018shell3.picoctf.com:11421
- How can your browser pretend to be something else?
Here, the task name and hint seemed to indicate that the User-Agent header is involved. Sure enough, if we check the site and follow the link to /flag, we get the following error (abbreviated here):
You're not google! Mozilla/5.0 [...]
This tells us two things:
- The app is looking at our user agent (since it's displayed in the error)
- It's expecting "Google"
Now, the way Google indexes websites is that it has bots crawling the web. Those bots are "polite", which means among other things that they correctly indicate their identity (as opposed to trying to pass for a regular browser). We can assume that what is expected here is the Googlebot user agent.
A quick search for "googlebot user agent" yields the following page: Google crawlers (user agents).
As indicated, Googlebot is the most common Google crawler, so let's use its user agent:
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Requesting /flag again, this time using that user agent (I used Burp Suite's proxy and repeater, but there are other ways to do that), we get the flag: