Challenge:
Name: Privacy Policy Inspection
Description: Prove that you actually read our privacy policy.
Difficulty: 3 star
Category: Security Through Obscurity
Expanded Description: https://pwning.owasp-juice.shop/part2/security-through-obscurity.html
Tools used:
Burp Suite, FoxyProxy
Resources used:
None.
Methodology:
First, as usual, I read the expanded description.


Without the highlighter, that description is much more cryptic. But I decided to try dragging my mouse along the text and was shortly rewarded with a “hot” indicator.

After mousing over every single word, I came up with this:

Initially I was a little confused as to why the localhost address was there, until I decided to try using the hot words as a link, and capture the packets with Burp Suite.


When given a link like that, it’s usually a good idea to pay that URL a visit.

