Saturday, November 1, 2014

Natas 4

This one says:

Access disallowed. You are visiting from "" while authorized users should come only from "" 

It's likely using the comically misspelled "HTTP Referer" header to figure out where you came from.

What happens if we intercept the request to with BURP proxy, add an "HTTP Referer" header, and set it to ""?


No comments:

Post a Comment