🌐 Picobrowser

A detailed write-up of the Web challenge 'Picobrowser' from PicoCTF - 2019

mH4ck3r0n3 Ethical Hacking/CTFs/Jeopardy/PicoGym/PicoCTF-2019/Web

01/03/2025 348 words 2 minutes

Contents

/images/PicoGym/PicoCTF-2019/Picobrowser/challenge_presentation.png — Challenge Presentation

📊 Challenge Overview

Category Details Additional Info

🏆 Event PicoGym Event Link

🔰 Category Web 🌐

💎 Points 500 Out of 500 total

⭐ Difficulty 🟡 Medium Personal Rating: 1/10

👤 Author Archit Profile

🎮 Solves (At the time of flag submission) 32.177 solve rate

📅 Date 21-02-2025 PicoGym

🦾 Solved By mH4ck3r0n3 Team:

Category	Details	Additional Info
🏆 Event	PicoGym	Event Link
🔰 Category	Web	🌐
💎 Points	500	Out of 500 total
⭐ Difficulty	🟡 Medium	Personal Rating: 1/10
👤 Author	Archit	Profile
🎮 Solves (At the time of flag submission)	32.177	solve rate
📅 Date	21-02-2025	PicoGym
🦾 Solved By	mH4ck3r0n3	Team:

📝 Challenge Information

This website can be rendered only by picobrowser, go and catch the flag! https://jupiter.challenges.picoctf.org/problem/26704/ (link) or http://jupiter.challenges.picoctf.org:26704

🎯 Challenge Files & Infrastructure

Provided Files

1

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

Site Presentation

Clicking on the Flag button gives me an error message:

Error

you are not picobrowser and then the User-Agent header field from the request I made is printed. From here, one should already understand the resolution of this challenge.

🎯 Solution Path

Exploitation Steps

Initial setup

First, I intercepted the request with Caido:

Request

And as we can see in the User-Agent header field, it contains the same User-Agent seen in the 🔍 Initial Analysis section. Let’s proceed with the exploitation.

Exploitation

The User-Agent field is designed to identify the user agent responsible for sending a specific HTTP request. So, we can simply replace it directly with Caido, making it User-Agent: picobrowser. After forwarding the request, I obtained the flag in the response.

Flag capture

Manual Flag

🛠️ Exploitation Process

Approach

The exploit sends a simple GET request to /flag with the User-Agent: picobrowser header, then extracts the flag from the response using a regex.

Exploit

🚩 Flag Capture

Flag

Proof of Execution

Automated Flag

Screenshot of successful exploitation

🔧 Tools Used

Tool Purpose

Python Exploit

Caido Web Testing

Tool	Purpose
Python	Exploit
Caido	Web Testing

💡 Key Learnings

Skills Improved

Binary Exploitation

Reverse Engineering

Web Exploitation

Cryptography

Forensics

OSINT

Miscellaneous

📚 References & Resources

Similar Challenges

Who are you

Learning Resources

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent

📊 Final Statistics

Metric	Value	Notes
Time to Solve	00:01	From start to flag
Global Ranking (At the time of flag submission)		Challenge ranking
Points Earned	500	Team contribution

Created: 21-02-2025 • Last Modified: 21-02-2025 *Author: mH4ck3r0n3 • Team: *