IntoToBurp

Problem Description

*Try  here  to find the flag

• Target: http://titan.picoctf.net:57038/
• Goal: extract a flag
• Initial Observations: The name of the challenge gives a hint of using Burp suite

Tools Used

• Burp suite

Solution Steps

1. First Glance
   You get a registration page you can fill with any data after intercepting it nothing was interesting.

   

2. The OTP page
   After submitting the registration form you get a 2FA page requesting an OTP I tried some random values but nothing worked.

   

3. The finally
   I thought that what happens if I removed the otp in the request then here it is the flag