This plugin for CTFd generates a unique token for each user and provides functionality to replace certain placeholders on the client-side with that token. It also introduces a mechanism to automatically submit challenges using these tokens.
- Generates a secure and unique token for each registered user in CTFd.
- Automatically replaces the
##unique_token##placeholder in challenge descriptions with the user's token. - Provides an API route for admins to solve challenges on behalf of a user using their token.
- Clone this repository into your CTFd's plugins directory:
cd /path/to/CTFd/plugins
git clone [REPOSITORY_URL]-
Restart CTFd or your web server.
-
Configure the environment variables
UNIQUE_TOKEN_SECRETKEYandUNIQUE_TOKEN_SALTto enhance the security of the generated tokens.
Once installed, the plugin will automatically generate a token for each user upon logging in. Moreover, any instance of ##unique_token## in challenge descriptions will be replaced with the user's unique token.
- GET
/get_user_token: Retrieves the current user's token. - GET
/admin-solve/<token>/<challenge_name>: Solves a challenge for a user using their token (admin only). Example:- ADMIN_TOKEN: Generate it in
https://CTFD/settings#tokens - CTFD: CTFD URL
- ADMIN_TOKEN: Generate it in
curl:
curl 'http://<CTFD>/admin-solve/<USER_UNIQUE_TOKEN>/<CHALLENGE_FULL_NAME>' -H 'Authorization: Token <ADMIN_CTFD_TOKEN>' -H 'Content-type: application/json'Python:
import requests
def request_to_ctfd(url, admin_ctfd_token, user_unique_token, challenge_name):
r = requests.get(f"{url}/admin-solve/{user_unique_token}/{challenge_name}", headers={'Content-Type':'application/json', 'Authorization': f"Bearer {admin_ctfd_token}"})
return(r.text)Contributions are welcome. Please create an issue or pull request if you find a bug or wish to add a new feature.
Thanks goes to these wonderful people (emoji key):
Mateo Durante 💻 |
Jeremías Pretto 💻 📖 |
This project follows the all-contributors specification. Contributions of any kind welcome!