Back to Details

competition-browser-persistence

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Competition Browser Persistence

竞赛浏览器持久化

Use this skill only as a downstream specialization after 
$ctf-sandbox-orchestrator
is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to 
$ctf-sandbox-orchestrator
first.
Use this skill when the decisive branch lives in browser-held state rather than only in visible HTML or backend source.
Reply in Simplified Chinese unless the user explicitly requests English.
仅可在
$ctf-sandbox-orchestrator
已启动并完成沙箱假设、节点归属、证据优先级设定后,作为下游专项技能使用本工具。若尚未完成上述配置,请先返回
$ctf-sandbox-orchestrator
流程。
当判定逻辑分支依赖浏览器存储的状态,而非仅存在于可见HTML或后端源码中时,使用本技能。
除非用户明确要求英文回复,否则请使用简体中文回复。

Quick Start

快速开始

  1. Identify the active persistence surface first: cookie jar, localStorage, sessionStorage, IndexedDB, Cache Storage, or service worker.
  2. Record origin, scope, domain, path, expiry, and key names before mutating state.
  3. Tie stored state to one concrete effect: request header, rendered branch, cached response, offline behavior, or hidden route access.
  4. Separate boot-time state from runtime-mutated state.
  5. Reproduce the smallest stateful sequence that reaches the decisive branch.
  1. 首先识别当前活跃的持久化载体:cookie jar、localStorage、sessionStorage、IndexedDB、Cache Storage 或是 service worker。
  2. 在修改状态前,记录源站、作用域、域名、路径、过期时间以及键名。
  3. 将存储状态与具体影响关联:请求头、渲染分支、缓存响应、离线行为或是隐藏路由访问。
  4. 区分启动时状态与运行时修改的状态。
  5. 复现能到达判定分支的最短状态序列。

Workflow

工作流

1. Map Browser State Surfaces

1. 梳理浏览器状态载体

  • Inspect cookies, storage buckets, service worker registrations, cache entries, and transient globals exposed during boot.
  • Record which origin, host, route, or feature flag each state item actually applies to.
  • Keep auth tokens, refresh material, CSRF state, cached responses, and feature toggles in separate evidence blocks.
  • 检查启动过程中暴露的cookies、存储桶、service worker注册信息、缓存条目以及临时全局变量。
  • 记录每个状态项实际适用的源站、主机、路由或特性开关。
  • 将身份验证令牌、刷新凭证、CSRF状态、缓存响应、特性开关分别存入不同的证据块。

2. Tie State To Runtime Behavior

2. 关联状态与运行时行为

  • Show how stored state becomes request headers, role derivation, route visibility, cached API data, or offline fallback behavior.
  • Compare clean-state and mutated-state runs with one variable changed at a time.
  • Distinguish UI-only state from backend-accepted state.
  • 说明存储状态如何转化为请求头、角色推导结果、路由可见性、缓存API数据或是离线降级行为。
  • 每次仅修改一个变量,对比纯净状态与修改后状态的运行结果。
  • 区分仅UI层面的状态与后端可识别的状态。

3. Reduce To The Decisive Persistence Chain

3. 精简出核心持久化链路

  • Compress the result to the smallest chain: initial page or login -> state persisted -> subsequent request or render branch -> resulting capability.
  • Keep extracted storage, service worker scripts, and replay steps tied to the same origin and route.
  • If the problem broadens into general web routing or worker behavior outside browser persistence, switch back to the broader web-runtime skill.
  • 将结果压缩为最短链路:初始页面或登录 -> 状态持久化 -> 后续请求或渲染分支 -> 最终获得的权限。
  • 确保提取的存储内容、service worker脚本、重放步骤都对应相同的源站与路由。
  • 如果问题扩展到浏览器持久化之外的通用Web路由或worker行为,请切换到适用范围更广的web-runtime技能。

Read This Reference

参考文档

  • Load 
    references/browser-persistence.md
    for the browser-state checklist, service-worker checklist, and evidence packaging.
  • 加载
    references/browser-persistence.md
    查看浏览器状态检查清单、service-worker检查清单以及证据打包规范。

What To Preserve

需要留存的内容

  • Cookie attributes, storage keys, database names, cache keys, service worker scopes, and origin boundaries
  • The exact request or render effect caused by each decisive state item
  • Clean-state vs mutated-state reproduction steps for the smallest working path
  • Cookie属性、存储键名、数据库名、缓存键、service worker作用域以及源站边界
  • 每个核心状态项触发的具体请求或渲染影响
  • 最短可复现路径的纯净状态与修改后状态复现步骤