Bench Press: Leaking Text Nodes with CSS

Some time ago, while reading up on new CSS features, I asked myself: Is it possible to leak the entire content of an HTML text node only using CSS? The answer is yes! Well, kinda. I found a technique that generally allows this, but bumps into the limitations of the CSS engine at some point 🙃 But I'm getting ahead of myself… I really liked all the new things I learned about CSS while researching this, so I created a challenge for Hack.lu CTF 2024: Bench Press . In this blog post, I'm going to walk you through the solution as a practical example of my new technique. The Challenge The goal of the challenge is to leak an authentication token from a