Duel Field - Experiment, the WEB head is a bit big

Topic link: http://www.shiyanbar.com/ctf/29


Open the topic link, and the first thing you see is a helpful English prompt:


There are three requirements for this question:

1. Use the .NET 9.9 framework
2. Be in the UK
3. Use the IE browser

Of course, we don't need to install .NET 9.9, use the IE browser, or go to the UK. We only need to modify the request headers so that the server thinks we meet the conditions.

Here I again use Burp Suite to intercept the request. If you are not familiar with basic Burp Suite usage, you are welcome to browse my blog series on Burp Suite basics.

The first step is to set the browser proxy to the same address and port that the Burp Suite proxy listener uses, then intercept the request and send it to the Repeater.

Now let's think about what we need to change. First, in User-Agent, add `compatible; MSIE 6.0` so that the server thinks we are using the IE 6.0 browser, then add `.NET CLR 9.9` so that the server thinks we have the .NET 9.9 framework installed. The next step is to change Accept-Language to `en-gb` so that the server thinks we are in the UK.


Click Go to send the request and get the flag ^v^
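The following is an added example, not part of the original post, showing why the edits work: every value the gate inspects arrives in a client-supplied header. `server_check` is a hypothetical model of the challenge's logic (the real server code is not shown on the page), and the sample headers and host are constructed.

```python
import re

def ua_tokens(user_agent):
    """Return the ';'-separated tokens inside the first (...) comment of a User-Agent."""
    m = re.search(r"\(([^)]*)\)", user_agent)
    return [t.strip() for t in m.group(1).split(";")] if m else []

def preferred_language(accept_language):
    """Return the highest-q language tag from an Accept-Language value, lowercased."""
    best, best_q = None, -1.0
    for part in accept_language.split(","):
        tag, _, params = part.strip().partition(";")
        q = 1.0  # a tag without an explicit q-value has weight 1.0
        if params.strip().startswith("q="):
            try:
                q = float(params.strip()[2:])
            except ValueError:
                q = 0.0
        if tag and q > best_q:
            best, best_q = tag.strip().lower(), q
    return best

def server_check(headers):
    """Hypothetical model of the challenge's gate: list the requirements not met."""
    tokens = ua_tokens(headers.get("User-Agent", ""))
    unmet = []
    if not any(t.startswith("MSIE ") for t in tokens):
        unmet.append("IE browser")
    if ".NET CLR 9.9" not in tokens:
        unmet.append(".NET 9.9")
    if preferred_language(headers.get("Accept-Language", "")) != "en-gb":
        unmet.append("UK")
    return unmet

def rewrite_headers(headers):
    """Apply the two header edits from the write-up to a copy of the request headers."""
    new = dict(headers)
    new["User-Agent"] = "Mozilla/4.0 (compatible; MSIE 6.0; .NET CLR 9.9)"
    new["Accept-Language"] = "en-gb"
    return new

# Constructed sample: headers as a non-IE browser might send them.
INTERCEPTED = {
    "Host": "example.invalid",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0",
    "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
}

if __name__ == "__main__":
    print("before:", server_check(INTERCEPTED))
    print("after: ", server_check(rewrite_headers(INTERCEPTED)))
```

Because the browser, installed framework and locale are all self-reported, a check like this can tailor content but cannot serve as an access control.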

