CASE FILE / C-101
Professional CTF · Web
Header Trust
A development endpoint trusts a claim the browser is free to change.
Difficulty: Easy
Reward: 100 pts
Est. time: 15 min
Challenge
Inspect the supplied HTTP exchange and identify the header responsible for the authorization mistake.
Submit the header name in uppercase with hyphens replaced by underscores.
Evidence
2 items
E-01 Captured request
GET /internal/report HTTP/1.1
Host: lab.bashctf.local
X-Forwarded-For: 127.0.0.1
User-Agent: BashCTF Investigator
E-02 Developer note
Temporary: permit internal reports when the proxy says the request originated locally.