Rating:

SSRF - First request goes through advocate library to ensure it's not malicious. If nothing detected, the second request is made to same URL. We can use flask app to serve benign page or redirect, for the alternating requests.

Solve script: https://github.com/Crypto-Cat/CTF/blob/main/ctf_events/seetf_22/web/super_secure_requests_forwarder/app.py

Video walkthrough: https://youtu.be/-cc4U1H53F8?t=4180

Original writeup (https://youtu.be/-cc4U1H53F8?t=4180).