https://github.com/Blystad/googlectf_writeups/tree/master/networking/opabina_regalis_input_validatio...

For this I just re-used all the code from Opabina Regalis Downgrade Attack.
<span>
I just had to change the URI to point to /protected/token instead of /protected/secret, and it was done.</span>

Original writeup (https://github.com/Blystad/googlectf_writeups/tree/master/networking/opabina_regalis_input_validation).