PicoCTF - Who are you?

22 Sep 2022 picoCTF

Challenge

Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn
http://mercury.picoctf.net:52362/

Note that everyone ‘s port and flag are different!

Visit this site, it says: Only people who use the official PicoBrowser are allowed on this site! So I use ThunderClient to request website and change User-Agent in the header to PicoBrowser.
It says: I don’t trust users visiting from another site. So we can add the key of Referer with the value http://mercury.picoctf.net:52362/ to the header and request website again.
It says: Sorry, this site only worked in 2018. So we can add the key of Date with the value 1 Jan 2018 to the header and request website again.
It says: I don’t trust users who can be tracked. So we can add the key of DNT which means do not track with the value 1 to the header and request website again.
It says: This website is only for people from Sweden. So we can add the key of X-Forwarded-For, which can change the originating IP, with the value random Sweden IP address to the header and request website again.
It says: You’re in Sweden but you don’t speak Swedish? So we can add the key of Accept-Language with the value sv to the header and request website again. Then we can get the flag! ٩(^ᴗ^)۶
Header should be like :

solidity picoCTF Go ethernaut linux leetcode blockchain sql react leetcode-top-interview array medium typescript smart-contract solana javascript java ethereum easy css Linux zsh ubuntu two-pointer next.js jekyll http hardhat golang ethers Secureum Rust web wallet vscode typeorm truffle stack shell rpc notion notes nodejs nextjs mocha html github git geth express eslint docker cloudflare Vim DSA