picoCTF Solutions
picoCTF 2024Web ExploitationEasy

Bookmarklet

Published: April 3, 2024Updated: December 9, 2025

Description

Why search for the flag when I can make a bookmarklet to print it for me?

Setup

Browser only

Browse to the challenge page and find the flag!

Copy the bookmarklet code displayed on the page to inspect it.

Solution

  1. Step 1Create a bookmarklet manually
    Bookmark any page, edit that bookmark, and replace its URL with the JavaScript snippet you copied. When you click the bookmark, the code executes and shows the flag.
    javascript:(function(){ /* bookmarklet code from challenge page */ })();
  2. Step 2Run it in a JS console instead
    Open DevTools (F12) or an online JavaScript runner, paste the snippet, and run it. The script simply calls alert() with the flag, so nothing else is required.
    // paste into browser console (function(){ alert("picoCTF{p@g3_turn3r_e8b...}"); })();

Flag

picoCTF{p@g3_turn3r_e8b...}

Running the bookmarklet reveals the alert containing the flag above.