Want to run this Docker container locally?

 docker run -d -p 3999:80 --restart always --name ctf-redirection joshbeck2024/ctf-redirection-challenge

Mr. Beck Personal Note:

• Watership Down (Richard Adams) has a special place in Mr. Beck’s heart.
  • It’s awesome. Read it if you haven’t!

Short Summary:

die() is missing on index.html and code is revealed in the redirect when intercepting in burp.

You’ll want to use Burp Suite for this challenge:

• Need a Burp Refresher: Click Here

Capture the redirect in burp suite and take a look at the initial index.html

• It serves up the 301 redirect.
• You’ll see there is residual code still resident on index.html.
• Remediation Suggestion:
  • The die() method should have been used to prevent this data leak directly after the redirect is executed to prevent data exposure like this.