Following on from Opabina Regalis - Fetch Token and Opabina Regalis - Downgrade Attack - can you find an input validation request that would allow you to access otherwise protected resources?
This may give you some inspiration on where the issue lies.
Listening on port 12001 on ssl-added-and-removed-here.ctfcompetition.com
This challenge was a little boring. I used my solution to Opabina Regalis - Downgrade Attack, but replaced
/protected/token and got the flag.