Hacker_Typer.md

Challenge

Only the most leet hackers can type faster than my bot. Can you beat it?

https://hacker-typer.tuctf.com

Point = 50, Level = Easy

How I got the flag

  • I visited the webpage and there was something like a typing speed calculator. I have to write the words correctly as fast as I can and maintain the streak up to 150.

  • I tried to write some words and I figured out that a 150 streak was not going to be easy for me.

  • I opened the network tab to see how it is measuring the speed and streak.

  • As we can see, there is a function which sends a POST request to the /check_word API with the word in the payload. It gets three properties in the response.

  • Here the next word is in the response of the submission of the previous word.

  • So, I wrote a recursive function which sends a POST request to the /check_word API, and the function calls itself again after getting the next word in the response.

    // Submit one word to /check_word, then submit the next word the server
    // returns, until the response no longer contains next_word.
    function getfetch(word) {
      var xhr = new XMLHttpRequest();
      xhr.open("POST", "/check_word");
      xhr.setRequestHeader(
        "Content-Type",
        "application/x-www-form-urlencoded"
      );
      xhr.onload = function () {
        if (xhr.status === 200) {
          var response = JSON.parse(xhr.responseText);
          console.log(response);
          // The answer to the next round is in this response, so recurse with it.
          response.next_word && getfetch(response.next_word);
        } else {
          // Same failure handling as the page's own script.
          var statusElement = document.querySelector(
            'strong[name="status-title"]'
          );
          var inputElement = document.getElementsByName("word")[0];
          statusElement.textContent = "Session Expired";
          inputElement.focus();
        }
      };
      xhr.send("word=" + encodeURIComponent(word));
    }

  • This function did everything for me. I called this function once in the browser console and after a while the streak became 150 and I found the flag.

Regards

SR Tamim
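
From the defender's side, the behaviour described above (each /check_word response carries the next word, which can be submitted straight away) shows up in submission timing. The following is an added example, not code from this write-up or from the challenge: a server-side check that flags sessions whose typing rate is implausible. The log record shape, the session names and both thresholds are assumptions.

```javascript
// Added example: plausibility check over /check_word submissions.
// Record shape and thresholds are assumptions, not taken from the challenge.
const MAX_CHARS_PER_SEC = 20; // assumed ceiling, roughly 240 words per minute
const MAX_FAST_IN_A_ROW = 5;  // assumed number of fast answers tolerated

// events: [{ session, t (ms), word }], time-ordered within each session.
// Returns Map: session -> { submissions, fastest (chars/sec), flagged }.
function scoreSessions(events) {
  const state = new Map();
  for (const { session, t, word } of events) {
    let s = state.get(session);
    if (!s) {
      // First submission: no earlier timestamp, so no rate can be measured yet.
      s = { last: t, run: 0, submissions: 1, fastest: 0, flagged: false };
      state.set(session, s);
      continue;
    }
    s.submissions += 1;
    const seconds = Math.max(t - s.last, 1) / 1000; // clamp to avoid divide by zero
    const rate = word.length / seconds;
    s.last = t;
    s.fastest = Math.max(s.fastest, rate);
    // Count consecutive implausibly fast answers; one plausible answer resets it.
    s.run = rate > MAX_CHARS_PER_SEC ? s.run + 1 : 0;
    if (s.run >= MAX_FAST_IN_A_ROW) s.flagged = true;
  }
  return state;
}

// Constructed sample log: "human" answers every 1.5 s, "bot" answers 40 ms
// after each response, as a script replaying next_word would.
function sampleEvents() {
  const words = ["kernel", "socket", "buffer", "cipher",
                 "daemon", "packet", "thread", "vector"];
  const events = [];
  words.forEach((word, i) => {
    events.push({ session: "human", t: 1000 + i * 1500, word });
    events.push({ session: "bot", t: 1000 + i * 40, word });
  });
  return events;
}

for (const [session, s] of scoreSessions(sampleEvents())) {
  console.log(session, "flagged:", s.flagged, "fastest:", s.fastest.toFixed(1));
}
```

A check like this only works if the timestamps are taken on the server when each request arrives; any speed value reported by the client can be set to whatever the client likes.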