We are met with a page that allows us to search for cookies. Pretty neat!
I checked out the network tab and see that the initial GET request has a request cookie with a name of -1,
which is weird, right?
I type in “test” to the form and I’m met with a form saying that that doesn’t appear to be a valid cookie.
Upon a valid cookie (I choose snickerdoodle), the next GET response cookie name is now 0.
Hmmm.
If I can modify this request, maybe I can cause some problems.
Modifying the cookie response to 2 brought me to a check page that said oatmeal raisin…
3: gingersnap
5: peanut butter
10: biscotti
Okay, so maybe the flag will be returned if the cookie name is correct… but what would that be?
There should be a way I can look through all these responses programmatically… maybe through Python?
This script loops through the requests if we change the cookie name to every number from 0-100.
I used the find feature in terminal and searched for pico to find the flag.
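Why the 0-100 sweep works, and what stops it, as an added example (not the author's script and not the challenge's code). It models the server in-process; the page table, the hidden index 42, the key and all function names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed data: indices 0, 2, 3, 5, 10 follow the writeup; index 42 and
# its content are hypothetical stand-ins for the hidden page.
PAGES = {0: "snickerdoodle", 2: "oatmeal raisin", 3: "gingersnap",
         5: "peanut butter", 10: "biscotti", 42: "FLAG_PLACEHOLDER"}
SECRET = b"constructed-demo-key"  # assumption: a random key kept server-side


def vulnerable_page(cookie_value):
    """Uses the client-supplied index directly, so any value can be replayed."""
    try:
        return PAGES.get(int(cookie_value), "invalid")
    except ValueError:
        return "invalid"


def issue(idx):
    """Server-side: bind the index to an HMAC tag before setting the cookie."""
    tag = hmac.new(SECRET, str(idx).encode(), hashlib.sha256).hexdigest()
    return f"{idx}.{tag}"


def hardened_page(cookie_value):
    """Serve a page only if the index carries a tag this server produced."""
    idx, _, tag = cookie_value.partition(".")
    expected = hmac.new(SECRET, idx.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "rejected"
    return PAGES.get(int(idx), "invalid")


def forged(idx):
    """A client swaps the index but can only reuse the tag issued for 0."""
    return f"{idx}.{issue(0).split('.')[1]}"


def sweep(handler, make_cookie, marker="FLAG"):
    """Try every index 0-100 and return those whose page contains marker."""
    return [i for i in range(101) if marker in handler(make_cookie(i))]


if __name__ == "__main__":
    print("vulnerable:", sweep(vulnerable_page, str))
    print("hardened:  ", sweep(hardened_page, forged))
```

Signing only makes the value tamper-evident; content that should not be reachable still needs a server-side authorization check.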