Skills Assessment - Using Web Proxies First Question

matlevac · January 20, 2022, 1:21am

Hello,
I’m doing the Web Proxies skills assessment and I’m stuck at the first question:
The /lucky.php page has a button that appears to be disabled. Try to enable the button, and then click it to get the flag.

I’ve tried to match and replace the response in Burp, replacing the ‘disabled’ by ‘enabled’. It seems to work when I click on the button now but it gives me a blank screen everytime.

The hint says the button doesn’t give the flag everytime but I don’t know what else I can do to be able to click it many times. Can anyone maybe give me a hint here?

onthesauce · January 20, 2022, 1:28am

Its been a while since I have done that question, but I am pretty sure you should keep trying the button.

I think I enabled the button, then captured the request and sent it to the repeater. Try out the repeater, it is easier to see the results.

Good luck,
-onthesauce

matlevac · January 20, 2022, 1:42pm

Do you enable the button via the request or the response?

Because when I change ‘disabled’ to ‘enabled’ with the replace rule in the response body, it seems to work but I keep getting the blank screen. Or, the closest i think I’ve come to it is a GET success.txt but the word ‘success’ is not the flag.

onthesauce · January 20, 2022, 2:25pm

Steer away from the replace rule for this one. That might be over complicating it.

In the options, just check the box to have the proxy display responses. Modify it once there. Then press the button and do what I mentioned above.

DM me if you still have trouble.
-onthesauce

matlevac · January 20, 2022, 8:40pm

Got it. I had to try more times than I expected. I probably just wasn’t patient enough.

onthesauce · January 20, 2022, 8:56pm

Nice, glad to hear it. Patience is definitely needed with some of these modules.

19delta4u · December 6, 2022, 10:54pm

Using the embedded Burp Browser, I changed “disabled” to “enabled” in Developer Tools while capturing the traffic in Burp. Clicked on the button again in the Burp Browser. Then I sent the new request to Repeater. You should see “getflag=true” in the request. If not, you’re doing something wrong. Then I kept sending the request, maybe 5-10 times. Eventually the flag was included in the response. I think that’s part of the theme of:

I'm feeling lucky!

John

wilasky · April 1, 2023, 8:41am

First, using the Burp browser, you navigate to XXX/lucky.php and forward it.
Second, in the browser, you press F12 (DevTools) and switch from “disable” to “enable”.
Third, then you press the flag button.
Fourth, you capture it and send it to Repeater, it should show up in the Request as getflag=true.
Fifth, you forward it several times until the flag appears in the response

Darthmaul0x0 · August 26, 2023, 8:13am

Keep an eye on content length size; it should tell you which response has the flag.
The question primarily tests whether or not you can apply the “Repeater” feature effectively.

niagoum · November 10, 2023, 9:27am

success.txt should be firefox requests. It has no associated with this assessment.

godbout · April 2, 2024, 6:39pm

intercepted the request
intercepted the response, removed disabled
send again the request, now a getflag=true shows up in the body
send to repeater
repeat a couple of times, nothing

couldn’t get what i was doing wrong. happens that i had to call the repeater 38 times before the flag showing. thought that was insane. tried again, appeared after 48 times. this is massive bs.