Description

Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:45028/

Solution

Go to the given link and check the website.

There are two buttons. The background color changes as we choose the buttons.

I used the Burpsuite to see what was happening behind the scenes.

I captured the request moment when I clicked the one of buttons.

The request is post method and I receive the response.

There’s no clue of a flag in the response.

I tried changing request methods to put and get.

Unfortunately, they didn’t give me the flag too.

I read the document about request methods and I found what is called “HEAD”

When I tried with the head method, I got the response with the flag.