Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn http://mercury.picoctf.net:1270/
- It ain't much, but it's an RFC https://tools.ietf.org/html/rfc2616
When we visit the site, it says:
Only people who use the official PicoBrowser are allowed on this site!
There are many ways to approach this (some alternatives are curl and Burp Suite), but I ended up using Postman's HTTP request. We'll unhide the hidden request headers and override the default User-Agent header with a PicoBrowser agent.
I don't trust users visiting from another site.
Now we need to make the request look like it comes from the same site. We'll add a header with a key of Referer and a value of the site itself (http://mercury.picoctf.net:1270/).
Sorry, this site only worked in 2018.
We'll use the Date header with any value from 2018, for example "1 Jan 2018".
I don't trust users who can be tracked.
We can set DNT, which stands for "do not track", to 1 (true).
This website is only for people from Sweden.
We can use the X-Forwarded-For header, which lets us change the originating IP address the server sees. Grab any random IP address from Sweden, like 12.16.66.01.
You're in Sweden but you don't speak Swedish?
We can use the Accept-Language header to specify which languages are OK. We can look through a list of languages and find that Sweden's subtag is sv.
picoCTF{http_h34d3rs_v3ry_c0Ol_much_w0w_f56f58a5}
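The header sequence above can be replayed offline against a local stand-in for the site's checks. This is an added example, not code from the challenge or from this write-up: the `gate` logic, the `SWEDISH` set and the placeholder return value are assumptions, and only the quoted messages and the header values come from the page.

```python
# Constructed stand-in for the challenge's checks (assumed logic, not the real server).
SITE = "http://mercury.picoctf.net:1270/"
SWEDISH = {"12.16.66.01"}  # constructed: replaces a geo-IP lookup with the page's address

def gate(headers):
    """Return the first message whose check fails, in the order the write-up met them."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    if "picobrowser" not in h.get("user-agent", "").lower():
        return "Only people who use the official PicoBrowser are allowed on this site!"
    if not h.get("referer", "").startswith(SITE):
        return "I don't trust users visiting from another site."
    if "2018" not in h.get("date", ""):
        return "Sorry, this site only worked in 2018."
    if h.get("dnt") != "1":
        return "I don't trust users who can be tracked."
    # X-Forwarded-For may hold a list; the first entry is the claimed client address.
    if h.get("x-forwarded-for", "").split(",")[0].strip() not in SWEDISH:
        return "This website is only for people from Sweden."
    langs = [p.split(";")[0].strip().lower() for p in h.get("accept-language", "").split(",")]
    if not any(tag == "sv" or tag.startswith("sv-") for tag in langs):
        return "You're in Sweden but you don't speak Swedish?"
    return "<flag placeholder>"

# Headers in the order the write-up adds them.
STEPS = [
    ("User-Agent", "PicoBrowser"),
    ("Referer", SITE),
    ("Date", "1 Jan 2018"),
    ("DNT", "1"),
    ("X-Forwarded-For", "12.16.66.01"),
    ("Accept-Language", "sv"),
]

def replay():
    """Add one header at a time and record what the stand-in answers after each."""
    sent, seen = {}, [gate({})]
    for name, value in STEPS:
        sent[name] = value
        seen.append(gate(sent))
    return seen

if __name__ == "__main__":
    for line in replay():
        print(line)
```

Every gate reads a value the client chose, which is why none of these headers works as an access control on its own.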