🔍 Challenge 1: The Basics
Every good security researcher knows to check the source code first. What secrets might developers leave behind?
Ctrl+U / Cmd+Option+U. Look for HTML comments!
🖥️ Challenge 2: Developer Console
Modern web applications run a lot of JavaScript. Sometimes developers leave debug messages...
📋 Challenge 3: Metadata Matters
HTML meta tags contain information about the webpage. They're in the <head> section of the page.
👻 Challenge 4: Hidden in Plain Sight
Not everything on a webpage is visible. Some elements might be hidden with CSS...
id="hiddenDiv"
💾 Challenge 5: Browser Storage
Browsers can store data locally. Check localStorage for hidden treasures!
localStorage or check Application/Storage tab in DevTools
🔐 Challenge 6: Encoding Secrets
Data is often encoded to hide it from plain sight. Can you decode this?
Encoded message: Q1RGe2Jhc2U2NF9pc19ub3RfZW5jcnlwdGlvbn0=
atob() in the console or an online decoder.
🎨 Challenge 7: Stylish Secrets
CSS can hide information too. Check the styles applied to this challenge box!
::before pseudo-element or look for class names with "flag" in them.
🌐 Challenge 8: Network Traffic
Sometimes secrets are loaded from external sources. Check what resources this page loads!
🎉 CONGRATULATIONS! 🎉
You've found all 8 flags!
You've learned about:
HTML comments • Console debugging • Meta tags • Hidden elements
LocalStorage • Base64 encoding • CSS inspection • Network analysis