Official WS-Todo Discussion

Official discussion thread for WS-Todo. Please do not post any spoilers or big hints.

This challenge was realy nice, if someone want to talk about it feel free to dm me on discord:


hay…I was trying to solve this challenge and got stuck. I think I am close to the end… anyways I have sent you a DM on Discord with the details, and I would appreciate it if you could Help me out.

Thanks in advance.

Really liked this one, (re)learned some stuff.

I’ve been stuck on this for a while trying to bypass the websocket session, when admin navigates to the reported page it won’t use it’s session cookie to make the websocket request Any hints would be greatly appreciated :slight_smile:

Really nice chall. Had to learn more about common browser protections.

Hint: there is a browser protection that applies to common GET/POST requests but doesnt apply to websocket requests.

is it working?
I have following error in local box:

Error parsing task {"title":"a","description":"a","secret":"REDACTED"}: Error: Invalid key length

In actual box I get empty task list even after successful creation (I assume it is same issue).

It works for me, remote and local

1 Like