
Chall XTrade, Fireshell CTF writeup

1: The objective was to bypass the firewall (CpGuard) and get the points needed to buy the flag.

2: Many players were blocked by the firewall on every request and were only unblocked after solving a ReCaptcha, while others, in some sessions, only needed to solve it 1 to 2 times (another firewall bug).

Bypass:
To solve the chall, we needed to simulate the POST request of the function that added the points and get 10.000 points.
To avoid being blocked and having to solve ReCaptcha, just send the header 'x-forwarded-for: 127.0.0.1' along with the POST.
Another way (the hard way) was to try to solve ReCaptcha.
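
Added example (not from the original writeup and not CpGuard's code): the writeup does not say how the firewall derives the client address, so this sketch assumes it read X-Forwarded-For and exempted loopback, and shows that flawed lookup beside a hardened one. All function names, the proxy range and the sample addresses are hypothetical.

```python
import ipaddress

# Assumption: networks of reverse proxies we operate (constructed value).
# Trusted proxies are assumed to append the peer address they saw to the header.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def naive_client_ip(peer_ip, headers):
    """Flawed: believes whatever X-Forwarded-For the client sent.
    `headers` is a dict with lower-cased header names."""
    xff = headers.get("x-forwarded-for")
    return xff.split(",")[0].strip() if xff else peer_ip

def _is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_PROXIES)

def hardened_client_ip(peer_ip, headers):
    """Honour X-Forwarded-For only when the TCP peer is one of our proxies,
    walking the chain right to left and stopping at the first untrusted hop."""
    if not _is_trusted(peer_ip):
        return peer_ip  # direct connection: the header is attacker-controlled
    xff = headers.get("x-forwarded-for", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    client = peer_ip
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the rest of the chain
        client = hop
        if not _is_trusted(hop):
            break  # first address not added by our own proxies
    return client

def is_exempt(client_ip):
    """Hypothetical allowlist: loopback clients skip the challenge."""
    try:
        return ipaddress.ip_address(client_ip).is_loopback
    except ValueError:
        return False
```

With the hardened lookup, a request from a direct peer such as 203.0.113.7 carrying 'x-forwarded-for: 127.0.0.1' is still evaluated as 203.0.113.7 and is not exempt.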

Original writeup (https://twitter.com/elber333/status/1242154919932682247).