W 600: Web Security Academy & Burp (20 pts)

What You Need

Purpose

To sign up for the free Web Security Academy from PortSwigger, which we'll use for projects.

Joining the Academy

Go to https://portswigger.net/web-security

Click the orange "Sign up" button.

Enter your email address and click the green Register button.

Check your email. Follow the instructions there to complete your registration.

When you first log in on the PortSwigger site, you land on the "My account" page.

At the top right, click Academy.

Flag W 600.1: Word (10 pts)

You see a page showing your accomplishment on the PortSwigger Web Security Academy.

The flag is the word covered by a green rectangle in the image below.

Installing Burp

Go to https://portswigger.net/burp/communitydownload

Download Burp Suite Community Edition. Install it.

If you have problems, consult this page for more tips:

https://portswigger.net/burp/documentation/desktop/getting-started/installing-burp

Running Burp's Browser

Launch Burp.

At the Welcome page, accept the default selection of "Temporary project" and click Next.

On the next page, accept the default selection of "Use Burp defaults" and click "Start Burp".

Burp opens on the Dashboard tab. Click the Proxy tab.

Click the "Intercept is on" button, so it changes to "Intercept is off", as shown below.

Click the "Open Browser" button.

In the Browser, go to:

https://samlols.samsclass.info/129S/flag.php

as shown below.

Flag W 600.2: HTTP history (10 pts)

In Burp, on the Proxy tab, click the "HTTP history" sub-tab.

Click the GET request that loaded the flag.php page. The Response contains the flag, covered by a green rectangle in the image below.

Viewing the Labs

In the PortSwigger Web Security Academy page, in the "Learning materials" section click the "VIEW ALL" button.

You see a list of topics, as shown below.

You can do these in any order, but I recommend starting with these ones because they are easier:

The PortSwigger system will track your progress. Each completed lab is worth 10 points. For example, when I took the screenshot below, I had completed 67 labs, for a total of 670 points.

Collecting Points for Web Security Academy Labs

In Burp's browser, while logged in to the Web Security Academy, load this page:

https://portswigger.net/web-security/dashboard

In Burp, on the Proxy tab, click the "HTTP history" sub-tab.

Click the GET request shown below. Copy the session cookie, highlighted in the image below. Paste that cookie into the form below to record your points.
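As an added example (not part of the original page or of Burp itself), here is a small Python parser that pulls a named cookie out of a raw request the way it appears in Burp's HTTP history, which is useful for checking that you copied the whole value and nothing else. The request text and the cookie name `SessionId` are constructed placeholders, not PortSwigger's real values.

```python
# Constructed sample of a request as Burp's HTTP history would display it.
# The cookie name and value are hypothetical placeholders, not a real session.
SAMPLE_REQUEST = (
    "GET /web-security/dashboard HTTP/1.1\r\n"
    "Host: portswigger.net\r\n"
    "Cookie: _ga=GA1.2.1234; SessionId=EXAMPLE_SESSION_TOKEN; theme=dark\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "\r\n"
)


def parse_headers(raw_request):
    """Split a raw HTTP request into (request line, {header-name: value}).

    Header names are lower-cased. Repeated headers are joined: Cookie headers
    with '; ' (RFC 6265 style), all others with ', '.
    """
    head = raw_request.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    request_line = lines[0]
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip blank or malformed lines
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        sep = "; " if name == "cookie" else ", "
        headers[name] = value if name not in headers else headers[name] + sep + value
    return request_line, headers


def get_cookie(raw_request, cookie_name):
    """Return the value of cookie_name from the Cookie header, or None if absent.

    The value is a bearer credential: anyone holding it is logged in as you,
    so it should be treated like a password.
    """
    _, headers = parse_headers(raw_request)
    cookie_header = headers.get("cookie")
    if cookie_header is None:
        return None
    for pair in cookie_header.split(";"):
        if "=" not in pair:
            continue
        name, value = pair.split("=", 1)
        if name.strip() == cookie_name:
            return value.strip()
    return None
```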

Enter Flag

Name:
Cookie:
Posted 12-31-2020
Canvas instructions modified 2-9-22