bugku-web-你从哪里来

这里就这一句话提示，问我是不是谷歌的？

用谷歌浏览器访问

没看见什么变化

抓包查看

没有变化

这时我想到爬虫中的反爬策略中有一种，判断请求的当前界面来判断用户的起始判断位置

这时抓取报文

GET / HTTP/1.1
Host: 114.67.175.224:15160
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: Hm_lvt_c1b044f909411ac4213045f0478e96fc=1711286763; _ga=GA1.1.52075818.1711286767; _ga_F3VRZT58SJ=GS1.1.1711288951.2.1.1711290145.0.0.0
Connection: close

并添加字段

Referer: http://www.google.com

这个字段是用来提示服务器我们当前请求发送时所在页面的

完整报文

GET / HTTP/1.1
Host: 114.67.175.224:15160
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: Hm_lvt_c1b044f909411ac4213045f0478e96fc=1711286763; _ga=GA1.1.52075818.1711286767; _ga_F3VRZT58SJ=GS1.1.1711288951.2.1.1711290145.0.0.0
Referer: http://www.google.com
Connection: close

得到flag