Info 📌

This lab stores user chat logs directly on the server's file system, and retrieves them using static URLs.

🎯 Goal:

Solve the lab by finding the password for the user carlos, and logging into their account.


  1. This is an IDOR lab; we will talk about the idea behind it after logging in with wiener:peter.
  2. Start your proxy/interceptor (Burp, OWASP ZAP, or similar) and enable interception. 🕵️‍♂️
  3. Start a chat or send a message so the transcript is created. 💬
  4. Click View transcript and a file will be downloaded. 📥

I noticed an important thing: the first time I pressed View transcript, it downloaded 2(1).txt.

Why?

Why not 1 for me?

It indicates to me that someone else has talked to this chatbot and downloaded a transcript.

We need to check that conversation. Let's send this request to Burp Suite and change the file name from 2 → 1.

Ooh, we got the chat, and in the chat content we got the password.

vjjsjpyrte1b3hg5wsi3 → password
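The root cause behind the steps above, shown as an added example (not the lab's code and not part of the original write-up): a download handler that trusts the file name from the URL, next to one that checks ownership server-side. The store, function names and transcript contents are constructed assumptions.

```python
# Added illustration: in-memory stand-in for transcripts stored as N.txt on disk.
# All names and sample data here are constructed, not taken from the lab.
import re
import secrets

TRANSCRIPTS = {            # filename -> (owner, content)
    "1.txt": ("carlos", "constructed transcript belonging to carlos"),
    "2.txt": ("wiener", "constructed transcript belonging to wiener"),
}

NAME_RE = re.compile(r"[A-Za-z0-9_-]+\.txt")   # no path separators, no traversal


class Forbidden(Exception):
    """Would map to an HTTP 403/404 response in a real handler."""


def download_vulnerable(session_user, filename):
    # Flaw: the file name from the URL is the only thing consulted.
    # session_user is never compared with the transcript's owner.
    return TRANSCRIPTS[filename][1]


def download_checked(session_user, filename):
    # Validate the name, then authorize against the stored owner.
    if not NAME_RE.fullmatch(filename):
        raise Forbidden("not found")
    record = TRANSCRIPTS.get(filename)
    # Same error for "missing" and "not yours" so existence is not leaked.
    if record is None or record[0] != session_user:
        raise Forbidden("not found")
    return record[1]


def save_transcript(owner, content):
    # Defence in depth: random names instead of sequential 1.txt, 2.txt, ...
    name = secrets.token_urlsafe(16) + ".txt"
    TRANSCRIPTS[name] = (owner, content)
    return name
```

Random file names only make guessing harder; the ownership check in `download_checked` is what closes the IDOR.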