I made a web hacking challenge for the Cyber Security Challenge Germany (cscg) 2021. 

Grab the files: https://github.com/LiveOverflow/ctf-screenshotter
Cyber Security Challenge Germany: https://www.cscg.de/

00:00 - Introduction to screenshotter app
00:58 - Setup the challenge
01:38 - First overview of functionality
03:07 - Review application architecture
03:51 - The chrome service
04:19 - The main app service
05:07 - Chrome service IP leak
06:22 - The app secret
06:54 - Methodology: go for complex features
09:22 - The flagger/admin service
11:30 - First attack idea: XSS
11:55 - Reviewing flask templates
13:09 - Useless self-XSS?
13:38 - Bypass demo restriction
15:45 - Using the Chrome SSRF?
17:00 - Leak websites of other users
18:31 - THE EXPLOIT!
22:04 - Outro

-=[ ❤️ Support ]=-

→ Support: https://liveoverflow.com/support
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/