Hello,
I’m doing the Web Proxies skills assessment and I’m stuck at the first question:
The /lucky.php page has a button that appears to be disabled. Try to enable the button, and then click it to get the flag.
I’ve tried to match and replace the response in Burp, replacing ‘disabled’ with ‘enabled’. It seems to work when I click on the button now, but it gives me a blank screen every time.
The hint says the button doesn’t give the flag every time, but I don’t know what else I can do to be able to click it many times. Can anyone maybe give me a hint here?
Do you enable the button via the request or the response?
Because when I change ‘disabled’ to ‘enabled’ with the replace rule in the response body, it seems to work but I keep getting the blank screen. Or, the closest I think I’ve come to it is a GET success.txt, but the word ‘success’ is not the flag.
Using the embedded Burp Browser, I changed “disabled” to “enabled” in Developer Tools while capturing the traffic in Burp. Clicked on the button again in the Burp Browser. Then I sent the new request to Repeater. You should see “getflag=true” in the request. If not, you’re doing something wrong. Then I kept sending the request, maybe 5-10 times. Eventually the flag was included in the response. I think that’s part of the theme of:
First, using the Burp browser, you navigate to XXX/lucky.php and forward it.
Second, in the browser, you press F12 (DevTools) and switch from “disable” to “enable”.
Third, then you press the flag button.
Fourth, you capture it and send it to Repeater; it should show up in the Request as getflag=true.
Fifth, you forward it several times until the flag appears in the response.
Keep an eye on content length size; it should tell you which response has the flag.
The question primarily tests whether or not you can apply the “Repeater” feature effectively.