picobrowser

  • Description: This website can be rendered only by picobrowser, go and catch the flag!
  • Difficulty: Medium

🔎 Solution

When accessing the website, there is a single Flag button. Clicking it returns a message stating that I am not using picobrowser, along with my current User-Agent value displayed in the response.

From this behavior, it is clear that the challenge expects the User-Agent to be modified to a specific value, namely picobrowser. By using the Repeater feature in Burp Suite and changing the request header to User-Agent: picobrowser, the server accepts the request and returns the flag.
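The behavior above comes down to a server-side gate on a header the client fully controls. The following is an added example, not code from the challenge or from this writeup: a local stand-in server with that kind of gate next to one that checks a server-side secret. The `/weak` and `/strong` paths, the token, the rejection message and the flag placeholder are all constructed assumptions.

```python
import hmac
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

FLAG = "FLAG{constructed_placeholder}"        # constructed, not the challenge flag
API_TOKEN = "constructed-server-side-secret"  # hypothetical credential

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        if self.path == "/weak":
            # Gate as the challenge behaves: trusts a value the client chooses.
            ok = ua == "picobrowser"
        else:
            # Contrast: require a secret that the response never reveals.
            sent = self.headers.get("Authorization", "").encode()
            ok = hmac.compare_digest(sent, ("Bearer " + API_TOKEN).encode())
        body = FLAG if ok else f"You are not picobrowser! {ua}"
        self.send_response(200 if ok else 403)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body.encode())

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_server():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch(server, path, headers):
    """Send one GET to the local server and return (status, body)."""
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result

if __name__ == "__main__":
    srv = start_server()
    print(fetch(srv, "/weak", {"User-Agent": "Mozilla/5.0"}))    # rejected, UA echoed
    print(fetch(srv, "/weak", {"User-Agent": "picobrowser"}))    # accepted
    print(fetch(srv, "/strong", {"User-Agent": "picobrowser"}))  # rejected
    srv.shutdown()
```

The `/weak` route also echoes the rejected User-Agent, which tells the client exactly which header the server is inspecting.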

🚩 Flag

picoCTF{p1c0_s3cr3t_ag3nt_fba5c48f}