Misdirection - H@cktivityCon CTF

Category: Scripting
Solves (at time of writing): 340
Description: Check out the new Flag Finder service! We will find the flag for you!

Misdirection

We start out with a link to a website.

Clicking on it, we go to the "Flag Finder".

If we click the "Find The Flag" button, we get lots of redirects until we get to a "Sorry" webpage:

I tried it a few times but got the same page every time, so I wanted to take a closer look at the redirects.

We can do that with Burp Suite, which logs everything that happens between you and the server (in a more readable way than Wireshark).

We can see that the MIME type isn't really consistent: sometimes it doesn't send websites but rather data.

Let's take a look at the data that's being sent.

So we can see the different parts of the flag here in burp.

Being too lazy to write a script for such a trivial task, I just went through the requests and pieced the flag together (they were in the right order, so that made it easier)

Until I ended up with flag{http_302_point_you_in_the_right_redirection}
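
The manual walk through the redirects can also be scripted. The following is an added example, not part of the original writeup: it follows a redirect chain one hop at a time without auto-following and joins the response bodies in order. It assumes each redirect response carries one flag fragment in its body; `ChainHandler`, `SAMPLE` and the `/hop/N` paths are a constructed local stand-in for the service, and only plain HTTP is handled.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

SAMPLE = "flag{constructed_example}"  # constructed sample, not the challenge flag

class ChainHandler(BaseHTTPRequestHandler):
    """Constructed stand-in: /hop/N answers 302 with one fragment in the body."""
    def do_GET(self):
        i = int(self.path.rsplit("/", 1)[-1])
        if i < len(SAMPLE):
            body = SAMPLE[i].encode()
            self.send_response(302)
            self.send_header("Location", f"/hop/{i + 1}")
        else:  # end of the chain: the "Sorry" page a browser would display
            body = b"<html>Sorry</html>"
            self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass

def collect_redirect_bodies(url, max_hops=200):
    """Follow redirects manually and return the concatenated redirect bodies."""
    parts = []
    for _ in range(max_hops):  # hop limit guards against redirect loops
        u = urlsplit(url)
        conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=5)
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        body, location = resp.read(), resp.getheader("Location")
        conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break  # final page reached, nothing more to collect
        parts.append(body.decode(errors="replace"))
        url = urljoin(url, location)  # Location may be relative
    return "".join(parts)

def demo():
    server = HTTPServer(("127.0.0.1", 0), ChainHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return collect_redirect_bodies(f"http://127.0.0.1:{server.server_port}/hop/0")
    finally:
        server.shutdown()
        server.server_close()
```

Calling `demo()` returns the reassembled sample string; a browser following the same chain would only ever render the final "Sorry" page.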

~sw1tchbl4d3, 31/07/2020 (dd/mm/yyyy)