GetIP
Easy, Web Security
Overview
Hey there! I'm pretty proud of my new IP lookup service. As a developer, I think I'm quite skilled at handling user inputs and building secure applications. I've implemented a simple service that shows users their IP address - seems straightforward enough, right?
Flag format: flag{}
Lab Details
Prerequisites & Requirements
- Basic understanding of web applications and HTTP headers
- Knowledge of command injection vulnerabilities
- Familiarity with proxy configurations (HAProxy)
- Understanding of Flask framework basics
What will you learn?
- How HTTP proxy headers can be manipulated for exploitation
- Understanding the difference between request.remote_addr and request.access_route in Flask
- Command injection through proxy header manipulation
- Security implications of the HAProxy forwardfor option
- White-box code analysis techniques
Tools
- Burp Suite or any HTTP proxy/interceptor
- Web browser with developer tools
- IDE for code analysis
Job Positions
Bug Bounty Hunter
Tags
Command Injection, HTTP Headers, Input Validation, Python, Server Misconfiguration