How do you send a password over the internet? You acquire a SSL certificate and let TLS do the job of securely transporting the password from client to server. Of course it’s not as cut-and-dry as I’m making it out to be, but the gist of it holds true and stood the test of time. This hasn’t always been this way though, and one incredibly popular storefront on the world wide web prefers to add a little extra to this day. I’ll be discussing Steam’s unique method of logging in their users, and go down a deep rabbit hole of fascinating implementation details.
As soon as I got my first Android-powered smartphone around nine years ago, I immediately researched how to create apps for it. And within no more than three days, I created an app that made my school’s substitution plans accessible on mobile devices. A couple years passed, the app improved, and soon school staff picked up on it and wanted me to build a similar web-based application to cover all devices. It’s now been nearly five years since I stopped maintaining it and today I want to take a look at the web app once more and assess it from what I’ve learned since then about web development and cybersecurity.
I like CTFs. Admittedly, I’m not particularly good at them. I try my best and learn from other people’s solutions to unique challenges after the end of a competition. I also like my roommate who I’ve known for several years now. And even though he’s a magnificent problem solver, at least in my opinion, I’m yet to convince him to team up and play some CTFs together. It was his birthday very recently and I prefer experiences as gifts as opposed to materialistic things. So I cobbled together a relatively simple CTF-style challenge for him. In this article, I want to outline a couple interesting bits here and there that I learned in the process of creating a custom challenge. Maybe you’ll find yourself inspired to create a simple challenge of your own.