Open Firefox. In the top right corner, click the "hamburger" icon, which consists of three bars.
Click Preferences. Search for network, as shown below.
In the Network section, click Settings.
Make sure that the "Enable DNS over HTTPS" box is not checked. as shown below.
Click OK.
Open Wireshark and start sniffing on the adapter that goes to the Internet.
badness.samsclass.info
The site shows a "Forbidden" message,
as shown below. We didn't reach a page,
but the system still performed a DNS lookup.
In the Filter bar, type:
dns
and press Enter.
The DNS requests for the "BADNESS" page are visible, exposing the URL to anyone who can sniff your traffic, as shown below.
frame contains badness
and press Enter.
Several other packets also expose the URL, as shown below.
Click OK.
wickedness.samsclass.info
The site shows a "Forbidden" message.
In the Filter bar, type:
dns
and press Enter.
There are no longer any DNS requests exposing the URL, as shown below.
frame contains wickedness
and press Enter.
TLS packets still expose the URL, as shown below.
A user browsed to a domain containing the word war.
Find that domain name--it's the flag.
A user browsed to a domain containing the word flag.
Find that domain name--it contains the flag.
Posted 10-2-17
Updated to new scoring engine 7-11-19