Tags: web 

Rating: 0

# cookie-clicker (150)

## Problem

My friend built a cookie clicker. How do I beat it?

http://35.225.2.44:5001/

## Solution

This is a simple cookie spoofing problem. We can set up a proxy such as Burp Suite to intercept requests from the website with a browser such as Firefox in the middle, and then we have free reign over outgoing cookies.

![](https://raw.githubusercontent.com/shawnduong/ctf-writeups/master/2019-BCA/images/cookie-clicker-1.png)

After we've changed the cookie accordingly, all we need to do is forward the request and we get to a page with the flag.

```
bcaCTF{c00k13s_c71ck3d_34a2344d}
```