Blog Post
The Human Connection Challenge: Season 1 Episode 6 Is Now Live!
Stuck on Q4. What tool to use to analyse the Application.
- steven 5 months ago
Silver II
Try to analyse the web calls, etc. Imagine how the login process could be. Try to solve Q5 first (and enjoy the rabbit hole).
- CyberSharpe 4 months ago
Silver I
She's a tasty one for sure. Hardest one yet.
Any other suggested hints to move in the right direction?
- steven 4 months ago
Silver II
Hmm… my remarks above are enough indication :) Keyword: analyze the flow.
- netcat 4 months ago
Silver III
If you're clueless like I am (I would have preferred Ghidra and x64dbg, which, I'm 100% convinced, are just enough to solve the challenge. Functions like write_token, getToken etc. are there. Or try to extract all GIF and PNG images, but that road leads nowhere, too.), then you'll write a reverse proxy in Python, and let the traffic flow via that reverse proxy. Or just use netcat to read the packets from the client, and then send them to the API, and then answer back. Since it's all HTTP with text/ascii it can be done.
Pretty sure the official solution will be much simpler.
- CyberSharpe 4 months ago
Silver I
Burp Suite is king here and all you need.
- netcat 4 months ago
Silver III
Oh yeah, Burp is used in the official solution.