NahamCon CTF (2021) writeup
Challenge name: Homeward Bound

In this challenge we were given a link to a page that was not publicly accessible.

The key word “externally” was a clue: the page was restricted by where the request appeared to come from, not by authentication. When an application decides "internal or external" from the X-Forwarded-For header instead of from the actual TCP peer, a client can supply that header itself. Sending X-Forwarded-For: 127.0.0.1 makes the request look like it originated on the loopback interface, which bypasses the check and exposes endpoints that are otherwise restricted. The header is only meaningful when a reverse proxy you control sets it; anything the client sends in it is attacker-controlled.

I used Burp Suite Repeater to modify the request headers for the page. I added the X-Forwarded-For: 127.0.0.1 header to trick the page into showing the internally accessible data.
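The following is an added example, not code from the challenge or the original writeup. It models the access check as I assume the target implemented it (trusting a client-supplied X-Forwarded-For), builds the raw request that Repeater sends, and shows the hardened check that only honours the header when the connection really comes from a trusted reverse proxy. The internal ranges and the proxy address are assumptions chosen for the demo.

```python
"""Added example (not the challenge's code): an access check that trusts
X-Forwarded-For, the bypass request, and a hardened version of the check."""
import ipaddress

# Assumed "internal" ranges for the demo; loopback is what the bypass targets.
INTERNAL_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                 ipaddress.ip_network("10.0.0.0/8")]
# Hypothetical address of the only reverse proxy allowed to set X-Forwarded-For.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.2")}


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def client_ip_vulnerable(headers, peer_ip):
    """Vulnerable: believes whatever the client wrote into X-Forwarded-For.
    The leftmost entry is the one a client can inject, and it wins here."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return ipaddress.ip_address(xff.split(",")[0].strip())
    return ipaddress.ip_address(peer_ip)


def client_ip_hardened(headers, peer_ip):
    """Hardened: ignore X-Forwarded-For unless the TCP peer is a trusted proxy,
    and then take the rightmost entry, i.e. the address that proxy appended.
    Everything to the left of it arrived from the client and is untrusted."""
    peer = ipaddress.ip_address(peer_ip)
    xff = headers.get("X-Forwarded-For")
    if xff and peer in TRUSTED_PROXIES:
        return ipaddress.ip_address(xff.split(",")[-1].strip())
    return peer


def handle(check, headers, peer_ip):
    """Return (status, body) for a request, using the supplied IP check."""
    if is_internal(check(headers, peer_ip)):
        return 200, "internal page"
    return 403, "this page is not accessible externally"


def bypass_request(host, path="/"):
    """The raw request sent from Repeater: a normal GET plus the spoofed header."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "X-Forwarded-For: 127.0.0.1\r\n"
            "\r\n").encode()


if __name__ == "__main__":
    spoofed = {"X-Forwarded-For": "127.0.0.1"}
    external_peer = "203.0.113.5"          # constructed attacker address
    print(bypass_request("challenge.example").decode())
    print("vulnerable:", handle(client_ip_vulnerable, spoofed, external_peer))
    print("hardened:  ", handle(client_ip_hardened, spoofed, external_peer))
    # Same spoofed value, but relayed by the real proxy, which appended the true client.
    relayed = {"X-Forwarded-For": "127.0.0.1, 203.0.113.5"}
    print("via proxy: ", handle(client_ip_hardened, relayed, "10.0.0.2"))
```

The vulnerable check returns 200 for the spoofed request from an external peer; the hardened check returns 403 both when the attacker connects directly (header ignored, peer is external) and when the request is relayed through the proxy (the rightmost, proxy-appended address is the real client). With several chained proxies the rightmost rule generalises to walking from the right and skipping known proxy addresses; the same rule applies to any other client-IP header the application might read.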

Resources