flagen

com.example.flagen.FlagActivity r0 = (com.example.flagen.FlagActivity) r0
int r14 = com.example.flagen.FlagActivity.f914v
java.lang.String r14 = "http://"
monitor-enter(r0)
java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch:{ Exception -> 0x00b1 }
r1.<init>(r14)     // Catch:{ Exception -> 0x00b1 }
java.lang.String r14 = r0.f915t     // Catch:{ Exception -> 0x00b1 }
r1.append(r14)     // Catch:{ Exception -> 0x00b1 }
java.lang.String r14 = ":"
r1.append(r14)     // Catch:{ Exception -> 0x00b1 }
java.lang.String r14 = r0.f916u     // Catch:{ Exception -> 0x00b1 }
r1.append(r14)     // Catch:{ Exception -> 0x00b1 }
java.lang.String r14 = "/api/v1/getdata"
r1.append(r14)     // Catch:{ Exception -> 0x00b1 }
java.lang.String r14 = r1.toString()     // Catch:{ Exception -> 0x00b1 }
java.net.URL r1 = new java.net.URL     // Catch:{ Exception -> 0x00b1 }
r1.<init>(r14)     // Catch:{ Exception -> 0x00b1 }
java.net.URLConnection r14 = r1.openConnection()     // Catch:{ Exception -> 0x00b1 }
java.net.HttpURLConnection r14 = (java.net.HttpURLConnection) r14     // Catch:{ Exception -> 0x00b1 }
r1 = 20000(0x4e20, float:2.8026E-41)
r14.setConnectTimeout(r1)     // Catch:{ Exception -> 0x00b1 }
r14.setReadTimeout(r1)     // Catch:{ Exception -> 0x00b1 }
java.lang.String r1 = "GET"
r14.setRequestMethod(r1)     // Catch:{ Exception -> 0x00b1 }
java.lang.String r1 = "Accept"
java.lang.String r2 = "application/json"
r14.setRequestProperty(r1, r2)     // Catch:{ Exception -> 0x00b1 }
java.lang.String r1 = "X-API-KEY"
java.lang.String r2 = "FBA34-E4Q4D3-E5C8XB1-DDA9A-26ED76"
r14.setRequestProperty(r1, r2)     // Catch:{ Exception -> 0x00b1 }
java.io.BufferedReader r1 = new java.io.BufferedReader     // Catch:{ Exception -> 0x00b1 }
java.io.InputStreamReader r2 = new java.io.InputStreamReader     // Catch:{ Exception -> 0x00b1 }
java.io.InputStream r3 = r14.getInputStream()     // Catch:{ Exception -> 0x00b1 }
r2.<init>(r3)     // Catch:{ Exception -> 0x00b1 }

$ wfuzz -c -w /usr/share/seclists/Discovery/Web-Content/api/api-endpoints.txt --hc 404 -u http://34.107.126.69:32141/FUZZ
 /usr/lib/python3/dist-packages/wfuzz/__init__.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer                         *
********************************************************

Target: http://34.107.126.69:32141/FUZZ
Total requests: 268

=====================================================================
ID           Response   Lines    Word       Chars       Payload                                                                                     
=====================================================================

000000200:   200        42 L     112 W      1336 Ch     "/swagger/"                                                                                 

Total time: 0
Processed Requests: 268
Filtered Requests: 267
Requests/sec.: 0

$ curl http://34.107.126.69:32141/api/v1/getfl -H "X-API-KEY:FBA34-E4Q4D3-E5C8XB1-DDA9A-26ED76"
{"flag": "CTF{21fb574397e3c49950511c5f1a9dd413ffc5986a0a15b36878434e21782877f0}"}