picoCTF 2021 Web Exploitation: Cookies
Let's look at a web-based CTF challenge, during which we will utilize Burp Suite.
I am not a "sweets" person. Never had a cavity. Let's load up our site in Burp Suite.
As I entered real and garbage cookie names, I noticed this cookie would show up as a POST request whenever I would change the cookie name. Each change would have the site pointing to the same redirect page Response. In the past, I had a challenge that had me looking through GET requests, so I went to the /check GET request after entering chocolate chip (seems like that checks your input against the list of cookies):
Everything loads fine. On the Request side, it looks like the cookie name is associated with a number; in fact, it looks like name is a variable assigned to the number (chocolate chip = 1):
I can't change the cookie name, but I can change the number, and perhaps that will change the name since each cookie name is assigned a number:
BOOM!!!! There's our Flag:
This was a pretty good challenge and I look forward to the next. Stay tuned for more.
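Why editing the number in the /check request worked, and one server-side fix, shown as an added example that is not part of the original write-up or the challenge's code. The cookie list, key and function names are constructed assumptions; only `chocolate chip = 1` comes from the page.

```python
import hashlib
import hmac

# Constructed sample data: the challenge's real list is not on the page.
COOKIES = ["snickerdoodle", "chocolate chip", "oatmeal raisin", "hidden entry"]
PUBLIC = {"snickerdoodle", "chocolate chip", "oatmeal raisin"}
SECRET_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent out


def search(user_input):
    """The search form: only publicly listed names are turned into an index."""
    return COOKIES.index(user_input) if user_input in PUBLIC else None


def check_vulnerable(name_cookie):
    """Trusts the bare integer in the `name` cookie, so any index is served."""
    try:
        return COOKIES[int(name_cookie)]
    except (ValueError, IndexError):
        return None


def issue_signed(index):
    """Bind the index to an HMAC tag so a client-side edit is detectable."""
    value = str(index)
    tag = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def check_hardened(name_cookie):
    """Serve an entry only if the server itself issued this exact index."""
    value, _, tag = name_cookie.partition(".")
    expected = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    try:
        return COOKIES[int(value)]
    except (ValueError, IndexError):
        return None


if __name__ == "__main__":
    signed = issue_signed(search("chocolate chip"))
    forged = "3." + signed.split(".")[1]   # index changed, old tag reused
    print(check_vulnerable("3"))           # hidden entry
    print(check_hardened(signed))          # chocolate chip
    print(check_hardened(forged))          # None
```

Signing only proves the server issued the value; keeping the selected index in a server-side session avoids exposing it to the client at all.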