PicoCTF Cookies
Pico Web CTF: Cookies
Hey there, welcome to my page. This is my first public CTF write-up. I chose to start with this challenge specifically because I find it to be a super beginner-friendly challenge and I thought I would find it easy to explain. I hope I don’t disappoint you.
This is a web CTF from PicoCTF called Cookies. This is what you get once you open it.
I then visited the given website and found this.
Just like how I would solve any other CTF challenge, I first look out for all possible given hints and keep them in mind as I solve the challenge.
From this challenge, my first hint was from the name of the challenge: “Cookies”.
What Are Cookies
Cookies are small text files that websites place on your device when you visit them. They serve various purposes, like remembering your preferences, keeping you logged in, and analyzing how you use the site. Cookies enable websites to provide personalized experiences, such as tailored content and targeted advertisements. While they enhance functionality and usability, some cookies also raise privacy concerns due to their tracking capabilities. It’s essential to understand how cookies work and their implications for your online privacy.
There are two main ways I view cookies in a website:
- Browser Developer Tools:
  - Open the developer tools in your browser.
  - Navigate to the “Application” or “Storage” tab, where you’ll find a section for cookies.
  - From there, you can view details such as cookie names, values, expiration dates, and associated domains.
- Browser Extensions:
  - This is the one I prefer to use more.
  - Extensions offer additional functionality for managing cookies.
  - They have more user-friendly interfaces compared to built-in browser tools.
For this challenge, I used this cookie editor available in the Chrome store.
Once installed, you will find it at the top right of your browser, where extensions mostly are.
Now visit the pico website and click on the cookie editor extension, and you will find all your cookies there and their values.
I found a cookie called name with the value -1. I changed the value of the cookie to 0, saved it, and refreshed the page, and this is what I got.
I changed the value several times, to 1, 2, 3, 4 …, and kept getting different information from the website.
This was tiresome, so I decided to use the Burp Suite tool to do this.
First, I intercepted the request, and there I could see my cookie.
Using the Intruder feature in Burp Suite, I sent the request to the Intruder.
Once in the Intruder section,
- Make sure the value of the cookie is in between $ signs
- Visit the payload tab to add our payload
Once at the payload tab, change the payload type to Numbers and set a range of your choice. I chose from 1 to 50 with a step of 1.
And then Start attack
Once the attack was done, I checked all the successful attacks with code 200 and viewed the response of each attack, and there was my flag.
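Why the value sweep above returned different content each time, and what stops it, as an added example that is not part of the original write-up or the challenge's code: the server trusts a bare number in the cookie, while a hardened handler attaches an HMAC and rejects edited values. The item list, the key, the 302 for out-of-range values and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed data standing in for the server-side list the cookie indexes into.
ITEMS = ["snickerdoodle", "chocolate chip", "oatmeal raisin", "SECRET-PLACEHOLDER"]
SERVER_KEY = b"constructed-demo-key"  # assumption: a secret only the server holds


def handle_plain(cookie_value: str) -> tuple[int, str]:
    """Weak design: the cookie is a bare index the client can rewrite."""
    try:
        index = int(cookie_value)
    except ValueError:
        return 400, "bad cookie"
    if 0 <= index < len(ITEMS):
        return 200, ITEMS[index]
    return 302, "redirect to start page"  # assumed behaviour for unknown values


def issue_signed(index: int) -> str:
    """Server issues 'index.signature' so later edits are detectable."""
    tag = hmac.new(SERVER_KEY, str(index).encode(), hashlib.sha256).hexdigest()
    return f"{index}.{tag}"


def handle_signed(cookie_value: str) -> tuple[int, str]:
    """Hardened design: reject any cookie whose HMAC does not verify."""
    value, _, tag = cookie_value.partition(".")
    expected = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return 403, "cookie tampered"
    return handle_plain(value)


def walk(handler, make_cookie, values=range(0, 6)) -> dict[int, int]:
    """Replay the write-up's value sweep and record the status per value."""
    return {v: handler(make_cookie(v))[0] for v in values}


if __name__ == "__main__":
    # Client edits the bare number: every in-range value is served.
    print(walk(handle_plain, str))
    # Client edits the number but reuses the signature issued for index 0.
    stale_tag = issue_signed(0).split(".")[1]
    print(walk(handle_signed, lambda v: f"{v}.{stale_tag}"))
```

Server-side, a run of 403s from one client against the signed handler is also a cheap detection signal for cookie tampering.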
Hurray!!!!! My first public write-up. Hope you enjoyed.