Hacker 101 - Capture the Flags with a Regex
Enjoying HackerOne’s CTF?
If you want to make sure not to inadvertently miss any single flag while skimming through web pages, you can ask ZAP to catch them for you with this regex:
A “Flag” tag will appear next the requests containing a flag in their response:
This technique is particularly useful when a flag appears in a non-obvious location such as an HTML comment.