实验吧web之猫抓老鼠
flag值:KEY: #WWWnsf0cus_NET#
解题步骤:
1.观察题意,说是猫抓老鼠,catch!catch!catch!嘿嘿,不多说了,再说剧透了通过这句话判断是让我们来抓包,于是进入解题页面
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190904154103217-2144071531.png)
![](file:///D:/%25E6%259C%2589%25E9%2581%2593%25E4%25BA%2591%25E7%25AC%2594%25E8%25AE%25B0%25E8%25AE%25B0%25E5%25BD%2595%25E8%25B5%2584%25E6%2596%2599/qq47DA65658B77EF870612B0AF231434DC/e6557c00640b49f7a03a86f59df6554c/clipboard.png)
![](file:///D:/%25E6%259C%2589%25E9%2581%2593%25E4%25BA%2591%25E7%25AC%2594%25E8%25AE%25B0%25E8%25AE%25B0%25E5%25BD%2595%25E8%25B5%2584%25E6%2596%2599/qq47DA65658B77EF870612B0AF231434DC/e6557c00640b49f7a03a86f59df6554c/clipboard.png)
2.通过一些列的提交和查询源代码,并没有发现什么问题,于是打开burp进行抓包测试
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190904154111012-1548778485.png)
![](file:///D:/%25E6%259C%2589%25E9%2581%2593%25E4%25BA%2591%25E7%25AC%2594%25E8%25AE%25B0%25E8%25AE%25B0%25E5%25BD%2595%25E8%25B5%2584%25E6%2596%2599/qq47DA65658B77EF870612B0AF231434DC/a4bede8b42e14dfc97d27493f3e01c9a/clipboard.png)
3.进入解题界面,打开抓包工具,随便输入一点字节或者数字,看burp返回信息
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190904154119279-1678810191.png)
![](file:///D:/%25E6%259C%2589%25E9%2581%2593%25E4%25BA%2591%25E7%25AC%2594%25E8%25AE%25B0%25E8%25AE%25B0%25E5%25BD%2595%25E8%25B5%2584%25E6%2596%2599/qq47DA65658B77EF870612B0AF231434DC/4ce10ba764ea40e7a40ed2a2f708cd35/clipboard.png)
4.根据这个回显判断不出来什么,于是点击Action选择Repeater复制到此功能进行下一步操作
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190904154131098-1360646653.png)
![](file:///D:/%25E6%259C%2589%25E9%2581%2593%25E4%25BA%2591%25E7%25AC%2594%25E8%25AE%25B0%25E8%25AE%25B0%25E5%25BD%2595%25E8%25B5%2584%25E6%2596%2599/qq47DA65658B77EF870612B0AF231434DC/1293b43e686d45c3adae52ae487b99f0/clipboard.png)
5.点击GO进行下一步,看回显
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190904154137870-2118739662.png)
![](file:///D:/%25E6%259C%2589%25E9%2581%2593%25E4%25BA%2591%25E7%25AC%2594%25E8%25AE%25B0%25E8%25AE%25B0%25E5%25BD%2595%25E8%25B5%2584%25E6%2596%2599/qq47DA65658B77EF870612B0AF231434DC/d084efaa2e6f4ed3a69af5cbe551bb2e/clipboard.png)
6.回显提示Check Failed!,判断密码错误,这时发现多了一个Content-Row的数值,为base64加密,于是我们进行解密判断
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190904154146412-683131971.png)
![](file:///D:/%25E6%259C%2589%25E9%2581%2593%25E4%25BA%2591%25E7%25AC%2594%25E8%25AE%25B0%25E8%25AE%25B0%25E5%25BD%2595%25E8%25B5%2584%25E6%2596%2599/qq47DA65658B77EF870612B0AF231434DC/af3695b9c8aa411ba465a6c293f47170/clipboard.png)
7.填入解密后的数值,发现回显依旧Check Failed!提交错误,进行观察
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190904154157895-918104917.png)
![](file:///D:/%25E6%259C%2589%25E9%2581%2593%25E4%25BA%2591%25E7%25AC%2594%25E8%25AE%25B0%25E8%25AE%25B0%25E5%25BD%2595%25E8%25B5%2584%25E6%2596%2599/qq47DA65658B77EF870612B0AF231434DC/806aaa63cdea44b8913a8de6bd62daf7/clipboard.png)
8.发现Content-Row的base64加密密文发生变化,再次进行解密,发现是时间戳问题
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190904154206118-680642033.png)
![](file:///D:/%25E6%259C%2589%25E9%2581%2593%25E4%25BA%2591%25E7%25AC%2594%25E8%25AE%25B0%25E8%25AE%25B0%25E5%25BD%2595%25E8%25B5%2584%25E6%2596%2599/qq47DA65658B77EF870612B0AF231434DC/df5df50b4bd9449ca5501ed7641601a2/clipboard.png)
9.由此判断,可以进行时间戳提前的操作,计算出1分钟到2分钟的时间,也就是60s-120s,然后进行base64加密,把加密后的密文放进左侧pass-key中,一直点击GO进行测试
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190904154214561-491054939.png)
![](file:///D:/%25E6%259C%2589%25E9%2581%2593%25E4%25BA%2591%25E7%25AC%2594%25E8%25AE%25B0%25E8%25AE%25B0%25E5%25BD%2595%25E8%25B5%2584%25E6%2596%2599/qq47DA65658B77EF870612B0AF231434DC/efc673fe2590469e9e0d8d5842e05c64/clipboard.png)
10.右侧答案出现,flag值为KEY: #WWWnsf0cus_NET#,提交成功
11.注意把KEY:去掉