One day I stumbled upon this blog and found that the post entitled lazy_static! { static ref My } required a password to visit.
It's easy to tell that this site is built using static website tools and deployed to github pages.
Here’s a more fluent and natural version of your text:
One day, I stumbled upon this blog and noticed that a post titled lazy_static! { static ref My } required a password to access.
In this article, I will show several methods to bypass the verification code on similar static websites.
It's easy to tell that this site is built using static website tools and deployed to GitHub Pages.
When you try to access the post, a password prompt appears:
If you enter the wrong password or click the cancel button, you’ll be redirected to the blog’s homepage. Below are a few simple ways to bypass the verification code
Method 1: Simply Disable JavaScript
Anyone with basic frontend knowledge knows that this prompt is created using javascript. So, the easiest and most direct method is to disable javascript on the site.
Here’s how you can do that in Chrome:
First, click the icon next to the website URL. A dropdown menu will appear, allowing you to view site information.
Next, click on "Site settings" to open a new menu where you can disable JavaScript for the site
By disabling javascript, you’ll be able to access the post without any issues. However, this method isn’t perfect: with javascript disabled, some page features might not function properly.
Method 2: Find Out the Verification Code
There are also ways to discover the verification code without disabling JavaScript on the website.
First, press F12 to open the browser's developer tools and view the page’s source code.
It appears that we cannot directly view the response from the browser. So, we’ll need to use external tools.
Here, I’m using postman to send an HTTP request to the website, which returns the verification code in the response.
We can see from the above image that the correct password is 1001.
Method 3: Intercept the Verification Code
Another way to access the blog without finding the verification code directly is by intercepting the HTTP response. We can use Burp Suite to intercept the response and modify the code related to the password.