Tags: web headers websec 

Rating:

First, let's open the website in a browser to see what we find. We see a page with a lot of Among Us related content, and a (fake) link that claims to link to the flag but actually links to a rickroll. We also see a section about how Yellow is sus and a bunch of Among Us emojis. This signals that something related to the Yellow Among Us character (or crewmate) might have the flag.

Now let's use the browser's developer tools to find more information. We don't find much in the website sources other than the source code for the website, which is very uninteresting in terms of security. We then move on to the network requests. If we look through the main request, we don't find much other than the typical headers and data. However, when we look at the request for [http://litctf.live:31779/sussy-yellow-amogus](http://litctf.live:31779/sussy-yellow-amogus), we find that header `sussyflag` is `LITCTF{mr_r4y_h4n_m4y_b3_su55y_bu7_4t_l3ast_h3s_OTZOTZOTZ}`, and we have the flag.