This challenge is really silly, but what is annoying, is that he was blocking the use of the
Burp Suite and
mitmproxy, but using
postman it is possible to make the requests!
Initially, I tried to do everything straight through the curl, but it did not work, I’m not sure exactly why, but I performed exactly the same
curl things on
postman and it worked:
In the first requests the challenge induced us to send the
OPTIONS to see the accepted methods:
OPTIONS it would tell us that there were 2 parameters to be sent, however, we did not know where, so I tried to send the parameters in both
POST as well.
I noticed that none worked so I tested the two together in other methods until I got through the