The purpose of the tool is to exploit HTTP POST requests and steal the data sent in the payload of every POST request, which helps with collecting credentials. In addition, it sends the data covertly, using the ISN (initial sequence number) in TCP SYN packets; thus, it is almost impossible to detect by looking at the traffic without IDS/IPS tools, which are usually not used in competitions.
My inspiration was this paper: https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6616180
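
An added example, not part of the tool or the cited paper: a defender-side heuristic that flags flows whose SYN initial sequence numbers look like text rather than random values. It assumes the channel packs raw payload bytes, four per SYN, into the 32-bit ISN (the page does not state the encoding); the function names, thresholds and sample records are constructed for illustration.

```python
import struct
from collections import defaultdict

# Bytes treated as "text": printable ASCII plus tab, LF and CR.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def isn_is_text(isn: int) -> bool:
    """True when all four bytes of the 32-bit ISN are printable ASCII."""
    return all(b in PRINTABLE for b in struct.pack("!I", isn))


def suspicious_flows(syns, min_syns=4, threshold=0.8):
    """Flag (src, dst) pairs whose SYN ISNs are mostly printable text.

    syns: iterable of (src, dst, isn) taken from SYN packets without ACK.
    A random ISN is all-printable about 2% of the time ((98/256)**4), so a
    flow where most ISNs are printable is unlikely to come from a normal stack.
    Assumption: raw payload bytes are packed four per ISN.
    """
    per_flow = defaultdict(list)
    for src, dst, isn in syns:
        per_flow[(src, dst)].append(isn)

    hits = {}
    for flow, isns in per_flow.items():
        if len(isns) < min_syns:
            continue  # too few samples to judge
        ratio = sum(isn_is_text(i) for i in isns) / len(isns)
        if ratio >= threshold:
            # Reassemble the bytes so an analyst can see what the field carried.
            hits[flow] = b"".join(struct.pack("!I", i) for i in isns)
    return hits


# Constructed sample records (documentation address ranges, made-up ISNs).
SAMPLE_SYNS = [
    ("192.0.2.10", "198.51.100.5", 0x75736572),
    ("192.0.2.10", "198.51.100.5", 0x3D616C69),
    ("192.0.2.10", "198.51.100.5", 0x63652670),
    ("192.0.2.10", "198.51.100.5", 0x6173733D),
    ("192.0.2.20", "198.51.100.5", 0x9F3A11C7),
    ("192.0.2.20", "198.51.100.5", 0x03E8D2B4),
    ("192.0.2.20", "198.51.100.5", 0xC1570A9E),
    ("192.0.2.20", "198.51.100.5", 0x7B0042F1),
]

if __name__ == "__main__":
    for flow, data in suspicious_flows(SAMPLE_SYNS).items():
        print(flow, data)
```

A payload that is encoded or encrypted before being placed in the ISN would not trip this printable-byte check, so treat it as one signal alongside SYN-rate and connection-completion statistics.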