Overview

When assessing this application I began by attempting to understand the different inputs and the basic functionality of the site. The site displays a simple card game where you attempt to defeat the evil ghost by selecting cards which may deplete or replenish its health. When intercepting this data with Burp, we can see three values being sent to the server: current_health, attack_power, and operator. The server takes these values, and the message we receive back is current_health with attack_power added or subtracted, depending on what the operator is.
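As an added example (not the challenge's own server code, whose source is not shown here), this is how a server receiving these three fields could handle them safely: the operator is treated as an allowlisted selector rather than interpreted text, and the two numeric fields are validated as bounded integers. The bounds and the handler name are assumptions made for this illustration.

```python
import re

# Hypothetical server-side handler for the card game's request fields
# (current_health, attack_power, operator). Only "+" and "-" are accepted;
# any other operator is rejected rather than interpreted.
ALLOWED_OPERATORS = {"+", "-"}
HEALTH_MIN, HEALTH_MAX = 0, 10_000  # constructed bounds for this example


class InvalidMove(ValueError):
    """Raised when a request field fails validation."""


def _parse_int(params: dict, key: str, low: int, high: int) -> int:
    raw = params.get(key)
    # Reject missing fields, floats, whitespace and anything not a plain integer.
    if not isinstance(raw, str) or not re.fullmatch(r"-?\d+", raw):
        raise InvalidMove(f"{key} must be an integer")
    value = int(raw)
    if not low <= value <= high:
        raise InvalidMove(f"{key} out of range")
    return value


def apply_move(params: dict) -> int:
    """Return the ghost's new health for one card play.

    params is the decoded request body, e.g.
    {"current_health": "100", "attack_power": "25", "operator": "-"}.
    """
    health = _parse_int(params, "current_health", HEALTH_MIN, HEALTH_MAX)
    power = _parse_int(params, "attack_power", 0, HEALTH_MAX)
    operator = params.get("operator")
    # Allowlist check: the operator selects a branch; it is never evaluated.
    if operator not in ALLOWED_OPERATORS:
        raise InvalidMove("operator must be '+' or '-'")
    new_health = health + power if operator == "+" else health - power
    # Clamp so a card can never push health below zero or above the cap.
    return max(HEALTH_MIN, min(HEALTH_MAX, new_health))


if __name__ == "__main__":
    # Constructed sample requests, as they would appear after decoding in Burp.
    print(apply_move({"current_health": "100", "attack_power": "25", "operator": "-"}))
    try:
        apply_move({"current_health": "100", "attack_power": "25", "operator": "*"})
    except InvalidMove as err:
        print("rejected:", err)
```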