How's it going, everybody? My name is John Hammond. We're still looking at some of the LASA CTF challenges for this capture-the-flag competition. Currently the challenge I'm on is Postman, and the prompt here is: "Kyle made a super secure website only accessible by the Google Ultron browser. Figure out how to log into his site." Well, that should be pretty easy. It sounds like it's just a simple user agent fix, and it turns out it is. Looks like, okay, "unauthorized browser: Mozilla, Firefox", blah. Okay, that's clearly our user agent variable. "Only users of the Google Ultron must access this page", or may access this page. Okay, easy then. We can simply write something to do that, right? We can get some code to do that.

"Python change user agent": I just want to be able to quickly grab the syntax for that, because I know I'm gonna be using urllib requests, and, okay, it looks like some guy just whipped out some code for it. So let's try and... you can see it right there. I'll put that together in a script for us. I'll fire up Sublime Text, throw this in. Actually, I'll remove all this so I can just save this, and: cyber team competitions, LASA CTF, Postman. Let's call this... I know we can get the flag with this, so let's call this get_flag.py. I'll give a little shebang line, and we're gonna want to import urllib2, and here's the code that we need. Our address is gonna equal... if I run this, it's just that simple URL over there. It looks like we can just bring that in for our address variable. It looks like we're just supplying specific headers. So if I run this now, let's actually see what that response is: response.read(). Okay, "unauthorized browser: Mozilla", the same thing we had seen before. We needed Google Ultron to be our user agent, right? So let's try Google Ultron. Run this now. Okay, we get "special off header must be set to lots of my name". Okay, we have to set another header, right?
Well, we can do that with the same syntax here. It looks like we're just adding tuples to this variable. So I guess we need "special off", must be set to the guy's name. Oh, it tells us here, the guy's name is Kyle, so we can just pass in Kyle there. Now if we run this: oh, "the site must be accessed from Kyle is a cool guy dot org". Okay, fine, we can do that too. We know there's a special HTTP header, which is Referer, and we can set that to Kyle's a cool guy.org. Run this now. "Successfully authenticated, your flag is LASA CTF headers are cool". Sweet. Let's actually just split this up so we can get, um, get the very end of it, and we'll remove that header tag. So now we get our flag, sweet, in our terminal. Let's make this executable. get_flag.py. There's our flag. Let's just throw that and submit it in, and cool, 50 more points. Job done.

Thanks for watching, guys. Throwing together a little bit of a Python script just to change a web browser's HTTP request headers. Good stuff, and in Python, really easy. Just grab the syntax for it. We knew we'd be using the urllib module. If you haven't seen that before, I'd recommend you do a little bit of research on it to see what you can poke around with and play with. I think I might have a few videos on it. But right now what we're doing is adding headers and calling a couple of requests. So, sweet. Thanks for watching, guys. See you in a tutorial
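Added example, not code from the video: a local stand-in for the challenge's header checks plus a client that adds one header per attempt, written with Python 3's `urllib.request` (the successor to the `urllib2` module used in the video). The header name `X-Special-Auth`, the referring site `referrer.example` and the error strings are constructed placeholders, because the transcript does not give the exact values.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-ins: X-Special-Auth and referrer.example are placeholders
# for values the transcript does not spell out; the error texts are made up.
REQUIRED = [
    ("User-Agent", "Google Ultron", "unauthorized browser"),
    ("X-Special-Auth", "Kyle", "special auth header not set"),
    ("Referer", "http://referrer.example/", "wrong referring site"),
]
# Ignore any proxy settings in the environment so the demo stays on loopback.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class HeaderGate(BaseHTTPRequestHandler):
    """Toy server that 'authenticates' purely on request headers."""
    def do_GET(self):
        failed = [err for name, want, err in REQUIRED if self.headers.get(name) != want]
        status, text = (403, failed[0]) if failed else (200, "successfully authenticated")
        body = text.encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def fetch(url, headers):
    """GET url with caller-chosen headers; return (status, body)."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with OPENER.open(req) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def walk_gate():
    """Add one header per attempt, as in the video, and record each reply."""
    server = HTTPServer(("127.0.0.1", 0), HeaderGate)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/" % server.server_port
    sent, results = {}, [fetch(url, {})]
    for name, want, _ in REQUIRED:
        sent[name] = want
        results.append(fetch(url, dict(sent)))
    server.shutdown()
    server.server_close()
    return results
```

Calling `walk_gate()` returns the four replies in order. Every check passes as soon as the client sends the expected strings, which is why `User-Agent`, `Referer` and custom headers cannot serve as authentication on the server side.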