PicoGym Web Exploitation Writeup | Cookies | Easy | PicoCTF

PicoGym Web Exploitation Writeup | Cookies | Easy | PicoCTF

Originally posted on my Medium page.

Hello..!!

In this challenge, we’re asked to figure out the best cookie. The title itself hints that the flag might be hidden within the browser’s cookies. So, our task is to explore the cookies stored by the website and track down the hidden flag.

Click on the provided URL in the challenge description. This redirects us to a simple website.

Since the challenge is about cookies, open the browser’s Developer Tools:

• Right-click → Inspect, or press Ctrl+Shift+I
• Go to the Application tab → Cookies section

Here, we can see a cookie named name with an initial value of -1.

Try entering the placeholder value snickerdoodle in the input field and click the Search button.

After clicking, notice that the cookie value updates to 0.

Now, manually edit the cookie value:

• Change it to 1, refresh the page and observe the response.
• Keep incrementing the value (to 2, 3, 4, etc.) and check if the response changes.
• Continue this process until a different result appears.

We can also do this by using Burp Suite.

• Set up Burp Suite and intercept the request when clicking Search.
• In the request headers, find the cookie value.
• Send the request to Repeater (Ctrl+R).
• Modify the cookie value and resend the request.
• Repeat until the response returns the flag.

At cookie value = 18, the page finally reveals the flag.

The flag is: picoCTF{3v3ry1_l0v3s_c00k135_bb3b3535}

📖 Want more CTF and OSINT writeups like this? Check out my Medium page here.