思路
- http请求头
EXP
- 访问网页显示内容: 只允许本地访问
- 添加请求头: X-Forwarded-For: 127.0.0.1
- 网页内容提示: 只会xff?真是逊呐
- 修改请求头: Client-IP: 127.0.0.1
- 网页内容提示:You are not from pornhub.com !
- 添加请求头:Referer: pornhub.com
- 网页内容提示: 用Chrome浏览器啊!
- 添加请求头:User-Agent: Chrome
- 网页内容提示:
不开代理你想上p站?
代理服务器地址是Clash.win - 添加请求头:Via: Clash.win
- 以上步骤,也可以使用curl命令
curl http://node5.anna.nssctf.cn:28768/ -H "client-ip:127.0.0.1" -H "Referer:pornhub.com" -H "User-Agent:Chrome" -H "Via:Clash.win"
- 浏览器访问地址: /wtfwtfwtfwtf.php
- 鼠标右键查看源代码:
<html>
<title>你说得对,but where is flag?</title>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<a href="https://doc.miyun.app/app/clash-win/">
The first step-----><button>click me to get Clash!</button>
</a>
</body>
<body>
<a href="https:pornhub.com/">
The second step-----><button>open your eyes on pornhub️</button>
</a>
</body>
<body>
<a href="./jiege.jpg">
The 3rd step-----><button>that is what you want: 色图.jpg</button>
</a>
</body>
<!--你就冲吧,什么都冲只会害了你自己 bdy好康的在 /sejishikong.php-->
</html>
- 浏览器访问地址: /sejishikong.php
- 拿到flag
总结
- X-Forwarded-For: 127.0.0.1 #只允许本地访问
- Client-IP: 127.0.0.1 #只允许本地访问
- Referer: google.com #从谷歌访问
- User-Agent: ABC Browser #指定可访问的客户端浏览器
- Via: Clash.win # 指定代理服务器地址
- 使用url命令:
curl
http://node5.anna.nssctf.cn:28768/
-H "client-ip:127.0.0.1" -H "Referer:pornhub.com" -H "User-Agent:Chrome" -H "Via:Clash.win"
其他请求头参考: https://blog.csdn.net/qq_42684504/article/details/106634035