Authentication Bypass via Direct Access

Apply what you learned in this section to bypass authentication to obtain the flag.

For this assessment, we assume that a successful login redirects us to /admin.php, so we'll try to access SERVER_IP:SERVER_PORT/admin.php directly.

Step 1 - Intercept the Request

  • Access to

  • Intercept the Response

Step 2 - Modify the Response:

  • Forward the Request to Receive the Response

  • Modify the Response to 200 OK

  • And forward again

Step 3 - Access the admin panel:

  • /admin.php hanging before we forward the modified Response:

  • Right after we forward it we get the flag!
