After countless hours I finally got the flag! Wow, what a journey that box was. So much temptation to look at discussion for hints but I’m proud of myself for doing it on my own. I would not rate this an easy but maybe I’m just a dummy.
Really cool exploit path, I learned a ton.
Can someone give me hint to bypass localcheck ? I tried to add various headers to P*** method but none of them works.
edited: nah, I found it 
(removing because of hints)
Fuck my brains! It took so long to sort out this box … Thanks for the tips above.
I’m having this exact same problem. I am getting the right type of request sent to the right endpoint but I get an exception raised due to req.socket.remoteAddress being undefined during the IP check.
Did anyone else run into this? How did you solve it?
Update: Nevermind, figured it out! Great challenge, I learned a ton along the way.
Hi, I am stucking at re*******ess is undefined, how can I bypass it?
I just realize how to finish this box and I want to give a little clue:
Focus on register function, but not directly.
I’m going crazy here! I know how to get the login working, I just need to be able to bypass the localhost check. I have a few theories, but so far none worked, can somebody give me a hint? is it through proto-p? req smuggle? 
Hey guys just completed the challenge
{got some help from discord}
Well HINT: Look at the source code of js files carefully
1 > Check the weather for different city and notice what is happening
2 > IMP : Divorces are bad but we kinda need them
3 > Keeping distance is the key
Smuggling is bad {KEEP THE DISTAnCE}
Synonm for Separating
Hello, I send a post request with the right endpoint but it tells me it {error:Couldn’t find Dallas or Us}" Which are the city name and country,any help?
I’m trying to work on bypassing localhost checking on /rr. Is SF on /a/w***r the way to go? Seems like the wrong type of request…
Your comments have just confused me more 