Author: Marin Radu
Inspect requests made by the web application
- Understand HTTP requests
- Source code
You need to act as a proxy and inspect the data sent from the index page.
You can either use BurpSuite or just Developer Tools.
If you use Developer Tools, head to the Network tab,
select the generate_flag.php file, and view the Response.
There, you'll see the actual flag that is sent every minute,
changing its contents every 5 minutes.
My script uses the JavaScript Fetch API to retrieve the result
you get when you run the generate_flag.php script.
I also created an animation that throws each letter of the flag
in random locations on the screen, one after another.
Flag:
CSCTF{hash-that-changes-every-5-minutes}