CTF

[BSidesCF 2020] Hurdles (the various values in an HTTP request)

Posted on 2020-03-11, 3 min read

You'll be rewarded with a flag if you can make it over some /hurdles.
Request /hurdles.

I'm sorry, I was expecting the PUT Method.
Send the request with the PUT method.

I'm sorry, Your path would be more exciting if it ended in !
It asks us to request ! (I fumbled my way through this challenge.)

I'm sorry, Your URL did not ask to get the flag in its query string.
My guess is that it wants get=flag in the request.

I'm sorry, I was looking for a parameter named &=&=&
The parameter name has to be &=&=&, so it needs to be URL-encoded.

I'm sorry, I expected '&=&=&' to equal '%00
'
Note: there is a newline character here.

I'm sorry, Basically, I was expecting the username player.
HTTP Basic authentication. With curl, use --basic and specify username:password.

I'm sorry, Basically, I was expecting the password of the hex representation of the md5 of the string 'open sesame'
The password must be the MD5 of open sesame.

I'm sorry, I was expecting you to be using a 1337 Browser.
It wants the request to come from a 1337 browser. Change the User-Agent header.

I'm sorry, I was expecting your browser version (v.XXXX) to be over 9000!
It wants the browser version to be v.9000.

I'm sorry, I was eXpecting this to be Forwarded-For someone!
It wants an X-Forwarded-For (XFF) header.

I'm sorry, I was eXpecting this to be Forwarded For someone through another proxy!
It wants the XFF header to include a proxy or something like that; see https://blog.csdn.net/zyhmz/article/details/82505344
X-Forwarded-For: client1, proxy1, proxy2

I'm sorry, I was expecting this to be forwarded through 127.0.0.1
The proxy in XFF must be 127.0.0.1.

I'm sorry, I was expecting the forwarding client to be 13.37.13.37
The client must be 13.37.13.37.

I'm sorry, I was expecting a Fortune Cookie
The cookie must contain Fortune.

I'm sorry, I was expecting the cookie to contain the number of the HTTP Cookie (State Management Mechanism) RFC from 2011.
The cookie value must be the number of the 2011 RFC.

I'm sorry, I expect you to accept only plain text media (MIME) type.
Accept the plain-text MIME type; see https://blog.csdn.net/qq_15071263/article/details/81000313?depth_1-utm_source=distribute.pc_relevant.none-task&utm_source=distribute.pc_relevant.none-task

I'm sorry, Я ожидал, что вы говорите по-русски.
I ran it through a translator. The language is Russian.

I'm sorry, I was expecting to share resources with the origin https://ctf.bsidessf.net
The request must come from https://ctf.bsidessf.net
https://www.jianshu.com/p/ccc4416ea298

i'm sorry, I was expecting you would be refered by https://ctf.bsidessf.net/challenges?
The Referer header.

Got the flag.
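
The whole chain of hurdles assembled into one request, as an added example that is not part of the original post. It builds the method, URL and headers and then decodes the query string the way a server would, to confirm that the `&=&=&` name and the `%00` plus newline value survive the encoding. Assumptions: the host is a placeholder, the path is taken to be `/hurdles/!`, the User-Agent format `1337 Browser v.9001` is a guess at what the checks accept, the trailing `?` in the Referer message is read as punctuation, and the cookie value uses RFC 6265 (HTTP State Management Mechanism, April 2011).

```python
import base64
import hashlib
from urllib.parse import quote, urlsplit, parse_qsl

BASE = "http://hurdles.example"  # placeholder host, not from the write-up

def build_request(base=BASE):
    """Return (method, url, headers) meant to satisfy every hurdle message."""
    # Name and value are percent-encoded so '&', '=' and '%' travel as data:
    # '&=&=&' -> %26%3D%26%3D%26 and '%00\n' -> %2500%0A.
    query = "get=flag&" + quote("&=&=&", safe="") + "=" + quote("%00\n", safe="")
    url = f"{base}/hurdles/!?{query}"  # assumed path: /hurdles ending in '!'

    # Basic auth: user 'player', password = hex MD5 of 'open sesame'.
    password = hashlib.md5(b"open sesame").hexdigest()
    token = base64.b64encode(f"player:{password}".encode()).decode()

    headers = {
        "Authorization": f"Basic {token}",
        "User-Agent": "1337 Browser v.9001",  # assumed format, version over 9000
        # Leftmost entry is the claimed client, later entries are proxies.
        "X-Forwarded-For": "13.37.13.37, 127.0.0.1",
        "Cookie": "Fortune=6265",  # RFC 6265, published April 2011
        "Accept": "text/plain",
        "Accept-Language": "ru",
        "Origin": "https://ctf.bsidessf.net",
        "Referer": "https://ctf.bsidessf.net/challenges",  # '?' read as punctuation
    }
    return "PUT", url, headers

def server_view(url):
    """Decode the query string as a server would, to check the encoding."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))

if __name__ == "__main__":
    method, url, headers = build_request()
    print(method, url)
    for name, value in headers.items():
        print(f"{name}: {value}")
    print(server_view(url))
```

Every value the hurdles check is chosen by the client, which is why headers such as X-Forwarded-For, Origin and Referer cannot serve as authentication on their own.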
