HTTP - Verb tampering
- Description: Bypass the security establishment.
- Difficulty: Easy
🔎 Solution​
When accessing the website, an alert box appears asking for login credentials. Entering random information obviously does not grant access.
By inspecting the traffic in Burp Suite, we can see that the server responds with HTTP status code 401 Authorization Required.
One way to bypass this behavior is to change the HTTP method from GET to another method such as POST or PUT. After modifying the request method to PUT and resending it, the server responds with the flag.Æ°
🚩Flag​
a23e$dme96d3saez$$prap