competition-web-runtime

Competition Web Runtime

Use this skill only as a downstream specialization after $ctf-sandbox-orchestrator is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to $ctf-sandbox-orchestrator first.
Use this skill when the active challenge is primarily about web behavior, browser state, server routing, API order, or worker-backed application flow.
Reply in Simplified Chinese unless the user explicitly requests English.

Quick Start

  1. Assume the presented hosts, domains, and routes belong to the sandbox.
  2. Inspect entry HTML, boot scripts, runtime config, and route registration before trusting the visible UI.
  3. Capture one real request flow end-to-end before making broad claims from source.
  4. Check browser persistence and backend state together.
  5. Re-run the smallest flow with one variable changed.

Workflow

1. Map The Active Runtime

  • Identify active hosts, paths, proxies, containers, and workers.
  • Inspect cookies, localStorage, sessionStorage, IndexedDB, Cache Storage, and service workers.
  • Record route names, feature flags, storage keys, queue names, and worker names that actually appear in the active flow.

2. Capture The Real Request Order

  • Record exact host, path, query, headers, cookies, and body for decisive requests.
  • Compare successful and failing paths.
  • Treat UI gating as a hint, not proof of backend enforcement.
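
One way to compare a successful and a failing capture field by field, so the next re-run changes exactly one of the differing variables. This is an added example, not part of the original skill; the host app.sandbox.test, the route, and the cookie values are constructed sample data.

```python
from urllib.parse import urlsplit, parse_qsl
from http.cookies import SimpleCookie

# Headers that vary per client or per request and say nothing about server logic.
VOLATILE = {"date", "content-length", "user-agent", "accept-encoding"}

def parse_request(raw: str) -> dict:
    """Flatten a raw HTTP/1.1 request into {field_name: value} pairs."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip().split("\n")
    method, target, _version = lines[0].split(" ", 2)
    url = urlsplit(target)
    fields = {"method": method, "path": url.path, "body": body.strip()}
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        fields[f"query.{key}"] = value
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "host":
            fields["host"] = value
        elif name == "cookie":
            for morsel in SimpleCookie(value).values():
                fields[f"cookie.{morsel.key}"] = morsel.value
        elif name not in VOLATILE:
            fields[f"header.{name}"] = value
    return fields

def diff_requests(ok_raw: str, fail_raw: str) -> dict:
    """Return {field: (value_in_ok, value_in_fail)} for every differing field."""
    ok, fail = parse_request(ok_raw), parse_request(fail_raw)
    return {k: (ok.get(k), fail.get(k))
            for k in sorted(ok.keys() | fail.keys()) if ok.get(k) != fail.get(k)}

# Constructed sample captures from a hypothetical sandbox host.
OK_REQUEST = (
    "GET /api/export?format=csv&preview=1 HTTP/1.1\r\n"
    "Host: app.sandbox.test\r\n"
    "Cookie: session=abc123; role=editor\r\n"
    "X-Requested-With: XMLHttpRequest\r\n\r\n"
)
FAIL_REQUEST = (
    "GET /api/export?format=csv HTTP/1.1\r\n"
    "Host: app.sandbox.test\r\n"
    "Cookie: session=abc123; role=editor\r\n"
    "User-Agent: curl/8.0\r\n\r\n"
)

if __name__ == "__main__":
    print(diff_requests(OK_REQUEST, FAIL_REQUEST))
```

Here two fields differ (a query parameter and a header), so the smallest follow-up flow restores one of them at a time to see which one the backend actually keys on.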

3. Expand Only After One Path Is Proven

  • Trace middleware order, handlers, auth/session boundaries, uploads, exports, and background jobs.
  • Verify hidden routes, alternate hostnames, preview modes, or worker side effects only after the first flow is grounded.

Read This Reference

  • Load references/routing-runtime.md for the detailed checklist, evidence packaging, and common web pitfalls.
  • If the task is specifically about SSR loaders, template context, hydration payloads, preview rendering, or render-layer enforcement drift, prefer $competition-template-render-path.
  • If the task is specifically about source maps, build manifests, chunk registries, emitted bundles, or recovering hidden runtime structure from served assets, prefer $competition-bundle-sourcemap-recovery.
  • If the task is specifically about GraphQL schemas, RPC manifests, persisted queries, generated clients, or contract-to-handler drift, prefer $competition-graphql-rpc-drift.
  • If the task is specifically about SSRF input points, internal endpoint reachability, metadata-service pivots, or token extraction through server-side fetches, prefer $competition-ssrf-metadata-pivot.
  • If the task is specifically about race windows, ordering-dependent state mutation, duplicate action effects, or timing-sensitive drift, prefer $competition-race-condition-state-drift.
  • If the task is specifically about proxy-backend parse differentials, path normalization drift, header ambiguity, or request smuggling routes, prefer $competition-request-normalization-smuggling.
  • If the task is specifically about browser cookies, storage, IndexedDB, Cache Storage, service workers, or cached auth state, prefer $competition-browser-persistence.
  • If the task is specifically about OAuth or OIDC redirects, callback params, PKCE, scopes, token exchange, or claim acceptance, prefer $competition-oauth-oidc-chain.
  • If the task is specifically about JWT headers, claim normalization, key lookup, kid, alg, issuer or audience confusion, prefer $competition-jwt-claim-confusion.
  • If the task is specifically about upload parsing, previews, archive extraction, converters, or deserialization chains, prefer $competition-file-parser-chain.
  • If the task is specifically about queue payloads, worker-only behavior, retries, cron drift, or async side effects, prefer $competition-queue-worker-drift.
  • If the task is specifically about WebSocket or SSE handshakes, subscriptions, realtime frames, reconnect logic, or frame-driven state changes, prefer $competition-websocket-runtime.
  • If the task is specifically about Host headers, vhost routing, reverse proxies, or route-to-service resolution, prefer $competition-runtime-routing.
  • If the only available evidence is a packet capture and the hard part is stream or protocol reconstruction, prefer $competition-pcap-protocol.

What To Preserve

  • Exact requests and responses that prove behavior
  • Concrete file paths, function names, route names, and storage keys
  • Queue payloads, worker names, or retry behavior when async processing matters