
# actually-proxed

### <mark style="color:blue;">Challenge Description</mark>

<div align="left"><figure><img src="/files/OlqSR9PQ8Pw1M4OtTWK2" alt=""><figcaption></figcaption></figure></div>

### <mark style="color:blue;">Challenge Attachment</mark>

{% file src="/files/ozefl3XfYXO8PvdXLUav" %}

<div align="left"><figure><img src="/files/8Wjn76mMN0BcmR2E7J00" alt=""><figcaption></figcaption></figure></div>

Let's send the request to Burp Repeater.

<div align="left"><figure><img src="/files/awfgeZZxn5oNekaZ2Cp4" alt=""><figcaption></figcaption></figure></div>

Let's view the source code.

<div align="left"><figure><img src="/files/7pGwYl9MexLIUKgJzMYA" alt=""><figcaption></figcaption></figure></div>

The secret server code is the same as in the previous challenge, <mark style="color:red;">**proxed**</mark>, which rejects every originating IP value except **`31.33.33.7`**.

<div align="left"><figure><img src="/files/KkSNqzI4DrI2JKKBhCwl" alt=""><figcaption></figcaption></figure></div>

Let's try to change the originating IP to 31.33.33.7 using the `X-Forwarded-For` header.

But it didn't work:

<div align="left"><figure><img src="/files/r6vBQ35AZVw5YmZ9cdJI" alt=""><figcaption></figcaption></figure></div>

This is because the reverse proxy in front of the server rewrites the `X-Forwarded-For` header so that it carries the real client IP (`clientIp`).

<div align="left"><figure><img src="/files/uPxcAWdDxpvzkt1lZEQ9" alt=""><figcaption></figcaption></figure></div>

The purpose of the code inside the red rectangle is to modify the `X-Forwarded-For` header of the HTTP request so that it includes the client's IP address.

Here's what it does:

1. It loops through the `headers` slice, which contains pairs of HTTP header names and values.
2. For each header, it checks whether the header name, lowercased with `strings.ToLower(v[0])`, equals the string `"x-forwarded-for"`, i.e. a case-insensitive match.
3. If it finds a match, it modifies the header value by prepending the client's IP address. It uses `fmt.Sprintf` to build the new value as a comma-separated list of IP addresses, with the client's IP followed by any values that were already there.
4. The loop terminates as soon as it finds and modifies the `X-Forwarded-For` header.

Since the loop terminates as soon as it finds and modifies the first `X-Forwarded-For` header, sending the `X-Forwarded-For` header multiple times means only the first occurrence is processed; any later occurrence is neither checked nor modified by the proxy server.

This way the originating IP value seen by the backend is 31.33.33.7, so we are not blocked and we get the flag.
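To make the bug concrete, here is an added example (reconstructed from the description above, not the challenge's own source) that puts the break-on-first-match loop next to the standard-library style rewrite that `net/http/httputil.ReverseProxy` uses. The `headerPair` type, the `10.0.0.5` client address and the sample request are assumptions constructed for the demo; note the hardened version appends the client IP last, as the standard library does, rather than prepending it like the challenge proxy.

```go
package main

import (
	"fmt"
	"strings"
)

// Ordered name/value pairs, duplicates allowed, as the custom proxy stores them.
type headerPair [2]string

// vulnerableRewriteXFF reconstructs the logic the writeup describes (not the
// challenge's real source): prepend clientIP to the first X-Forwarded-For
// header found, then break. Any second copy passes through untouched.
func vulnerableRewriteXFF(headers []headerPair, clientIP string) []headerPair {
	out := append([]headerPair(nil), headers...) // work on a copy
	for i, v := range out {
		if strings.ToLower(v[0]) == "x-forwarded-for" {
			out[i][1] = fmt.Sprintf("%s, %s", clientIP, v[1])
			break // only the first occurrence is ever processed
		}
	}
	return out
}

// hardenedRewriteXFF does what net/http/httputil.ReverseProxy does: gather
// every X-Forwarded-For value, join them, append the client IP (standard
// library order), and emit a single header so no unmodified copy survives.
func hardenedRewriteXFF(headers []headerPair, clientIP string) []headerPair {
	var prior []string
	out := make([]headerPair, 0, len(headers)+1)
	for _, v := range headers {
		if strings.EqualFold(v[0], "X-Forwarded-For") {
			prior = append(prior, v[1]) // collect and drop the original
			continue
		}
		out = append(out, v)
	}
	xff := clientIP
	if len(prior) > 0 {
		xff = strings.Join(prior, ", ") + ", " + clientIP
	}
	return append(out, headerPair{"X-Forwarded-For", xff})
}

func main() {
	// Constructed request: the spoofed header is sent twice.
	req := []headerPair{{"Host", "example"}, {"X-Forwarded-For", "31.33.33.7"}, {"X-Forwarded-For", "31.33.33.7"}}
	fmt.Println(vulnerableRewriteXFF(req, "10.0.0.5"))
	fmt.Println(hardenedRewriteXFF(req, "10.0.0.5"))
}
```

With the vulnerable loop the second header still reads exactly `31.33.33.7`; with the hardened rewrite the backend only ever sees one header whose last element is the real client address.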

<div align="left"><figure><img src="/files/quiWOuJkS4vyprvzQsjT" alt=""><figcaption></figcaption></figure></div>

### Flag

```
DUCTF{y0ur_c0d3_15_n07_b3773r_7h4n_7h3_574nd4rd_l1b}
```
