Hii,
I have a question that i do not understand.plase help

i was solving a ctf challenges using burp suite.when i try to send post or get request to server with login credentials

POST /post.php HTTP/1.1
Host: 165.227.106.113
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 42

username=admin&password=71urlkufpsdnlkadsf

the server did not show me the flag BUT
When i try using curl command
curl “http://165.227.106.113/post.php” -d “username=admin&password=71urlkufpsdnlkadsf”

it show me the flag
Do you know why???

Is there any chance you can show the response from burp suite?

Your requests seem fine. Just make sure that when you capture and send them to the Repeater, you check non-printable characters (\n). Each line in the response usually ends with \r\n , indicating a return followed by a new line, so keep that in mind.

See :
Burp Suite: Repeater

4

This is the response

HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 02 May 2024 00:48:52 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.5.9-1ubuntu4.22
Content-Length: 118

<h1>This site takes POST data that you have not submitted!</h1><!-- username: admin | password: 71urlkufpsdnlkadsf -->