🏴‍☠️ picoCTF 2024 — “Bookmarklet” Web Exploitation Challenge
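This article walks through the Bookmarklet challenge from picoCTF, in which a hidden flag is retrieved using JavaScript bookmarklets and scripts run in the browser console. Although the task is simple, it involves a browser security warning that reminds users to pay attention to security in real-world use. 2025-9-26 05:14:10 Author: infosecwriteups.com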

Deepika B

Hello Everyone! 👋

In this blog, we’ll walk through solving the Bookmarklet challenge under the Web Exploitation category of picoCTF, rated as Easy. This challenge introduces you to the use of JavaScript bookmarklets and how scripts executed in the browser console can be used to retrieve hidden flags.

While it’s a beginner-friendly task, you’ll encounter an important browser security warning along the way, a reminder of the real-world awareness needed when dealing with JavaScript in the DevTools Console.

Let’s dive in! 🕵️‍♂️💻

🛠️ Step-by-Step Guide

1️⃣ Start the Challenge Instance

Click the “here” button on the challenge page. This will launch a new browser tab leading to the challenge website.

2️⃣ Open the Browser Console

First, open your browser’s DevTools Console:

  • Windows/Linux: Press Ctrl + Shift + J
  • macOS: Press Cmd + Option + J
  • Or right-click anywhere on the page → Inspect →…

Source: https://infosecwriteups.com/%EF%B8%8F-picoctf-2024-bookmarklet-web-exploitation-challenge-834b3ce821e2?source=rss----7b722bfd1b8d---4