We get the following description:
“Try to bypass my security measure on this site! http://165.227.106.113/header.php” and in addition to the title we can guess that this has to do something with HTTP headers.
Using curl we get the following
$ curl http://165.227.106.113/header.php
Sorry, it seems as if your user agent is not correct, in order to access this website. The one you supplied is: curl/8.7.1
<!-- Sup3rS3cr3tAg3nt -->
With the the response and comment give us a hint about changing the agent parameter on the HTTP header to “Sup3rS3cr3tAg3nt”. From the manual page of curl we can see that this can be done with the -H flag
Examples:
curl -H "X-First-Name: Joe" https://example.com
curl -H "User-Agent: yes-please/2000" https://example.com
curl -H "Host:" https://example.com
curl -H @headers.txt https://example.com
Thus, we create the following curl request
$ curl -H "User-Agent: Sup3rS3cr3tAg3nt" http://165.227.106.113/header.php
Sorry, it seems as if you did not just come from the site, "awesomesauce.com".
<!-- Sup3rS3cr3tAg3nt -->
Now we got a different message hinting something about coming from the site awesomesauce.com.
After looking into the different HTTP header fields, 2 of them seem particularly relevent. Namely the Origin and Referer fields, and after testing both of them theReferer field gave us the flag!
$ curl -H "User-Agent: Sup3rS3cr3tAg3nt" -H "Origin: awesomesauce.com" http://165.227.106.113/header.php
Sorry, it seems as if you did not just come from the site, "awesomesauce.com".
<!-- Sup3rS3cr3tAg3nt -->