I’m doing the Web Proxies skills assessment and I’m stuck at the first question:
The /lucky.php page has a button that appears to be disabled. Try to enable the button, and then click it to get the flag.
I’ve tried to match and replace the response in Burp, replacing the ‘disabled’ by ‘enabled’. It seems to work when I click on the button now but it gives me a blank screen everytime.
The hint says the button doesn’t give the flag everytime but I don’t know what else I can do to be able to click it many times. Can anyone maybe give me a hint here?
Its been a while since I have done that question, but I am pretty sure you should keep trying the button.
I think I enabled the button, then captured the request and sent it to the repeater. Try out the repeater, it is easier to see the results.
Do you enable the button via the request or the response?
Because when I change ‘disabled’ to ‘enabled’ with the replace rule in the response body, it seems to work but I keep getting the blank screen. Or, the closest i think I’ve come to it is a GET success.txt but the word ‘success’ is not the flag.
Steer away from the replace rule for this one. That might be over complicating it.
In the options, just check the box to have the proxy display responses. Modify it once there. Then press the button and do what I mentioned above.
DM me if you still have trouble.
Got it. I had to try more times than I expected. I probably just wasn’t patient enough.
Nice, glad to hear it. Patience is definitely needed with some of these modules.
Using the embedded Burp Browser, I changed “disabled” to “enabled” in Developer Tools while capturing the traffic in Burp. Clicked on the button again in the Burp Browser. Then I sent the new request to Repeater. You should see “getflag=true” in the request. If not, you’re doing something wrong. Then I kept sending the request, maybe 5-10 times. Eventually the flag was included in the response. I think that’s part of the theme of:
I'm feeling lucky!
First, using the Burp browser, you navigate to XXX/lucky.php and forward it.
Second, in the browser, you press F12 (DevTools) and switch from “disable” to “enable”.
Third, then you press the flag button.
Fourth, you capture it and send it to Repeater, it should show up in the Request as getflag=true.
Fifth, you forward it several times until the flag appears in the response
Keep an eye on content length size; it should tell you which response has the flag.
The question primarily tests whether or not you can apply the “Repeater” feature effectively.
success.txt should be firefox requests. It has no associated with this assessment.