GET and HEAD…hmmm
Let’s fire up Burp Suite to see if we can examine these requests further. When we do a normal GET request, nothing strange happens here.
Let’s try switching the GET method for the HEAD method, which I think would only give us less data, but the name of the challenge, I think, might be pointing us in that direction.
The flag appears in the header response
Question: Is this an accurate reflection of a real-life scenario? Does HEAD ever tell us something additional that GET doesn’t give?
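One way to check this on an endpoint you operate is the added example below (not part of the original write-up). Per the HTTP specification, a server should send the same header fields for HEAD as for GET, so any difference means the two methods are handled by different code. The local demo server, the `X-Debug-Note` header and its value are constructed stand-ins, not the challenge's real response.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in server: HEAD has its own, inconsistent code path."""
    def _send(self, extra=None):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", "13")
        for name, value in (extra or {}).items():
            self.send_header(name, value)
        self.end_headers()

    def do_GET(self):
        self._send()
        self.wfile.write(b"<p>hello</p>\n")

    def do_HEAD(self):
        # Hypothetical header that only the HEAD handler emits (placeholder value).
        self._send({"X-Debug-Note": "PLACEHOLDER"})

    def log_message(self, *args):
        pass  # keep the demo quiet

def fetch_headers(host, port, method, path="/"):
    """Send one request and return (status, lower-cased header dict)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request(method, path)
    resp = conn.getresponse()
    resp.read()  # empty for HEAD
    headers = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return resp.status, headers

def method_header_diff(host, port, path="/", ignored=("date",)):
    """Return (statuses_match, {header: (get_value, head_value)}) for mismatches."""
    get_status, get_h = fetch_headers(host, port, "GET", path)
    head_status, head_h = fetch_headers(host, port, "HEAD", path)
    names = (set(get_h) | set(head_h)) - set(ignored)
    diff = {n: (get_h.get(n), head_h.get(n))
            for n in names if get_h.get(n) != head_h.get(n)}
    return get_status == head_status, diff

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return method_header_diff("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()
```

An empty diff is the expected result for a consistent handler; a non-empty one points at routing or middleware that treats HEAD separately and deserves review.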