Tags: burpsuite 


# Cookies

Category: Web Exploitation


## Description
Who doesn't love cookies? Try to figure out the best one.

## Looking at the website

Opening up the given link we are welcomed by the following page:


Good, so we can search for cookies. I fired up `BurpSuite` right away, entered `snickerdoodle` and sent it away! After I got a response from the server, my web cookie changed and this appeared:


## Burping

Interesting, we started out at `name=-1`. I wonder if the cookies are in a sequence? I changed my cookie in Burp to `name=1`. Like so:


Send it with Forward and click through to the response.


Awesome! Now we can go through with Intruder. Set a list like so:


Now just fire away! Responses are coming in now, so just sort by `length` and look for the odd one out. I found this:


Could this one be it?


And indeed it is! It might look nicer on the webpage, but this is good enough :)
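Why editing `name` works, and one way a server could reject the edit, as an added example that is not part of the original writeup or the challenge's own code. The cookie list, the key and all function names are hypothetical, since the page does not show the server side.

```python
import hashlib
import hmac

# Constructed sample data; the challenge's real cookie list is not on the page.
COOKIES = ["snickerdoodle", "chocolate chip", "oatmeal raisin"]
SECRET_KEY = b"constructed-demo-key"  # hypothetical server-side secret


def lookup_trusting(cookie_value):
    """Weak pattern: the client-supplied index is used as-is."""
    try:
        index = int(cookie_value)
    except ValueError:
        return None
    if 0 <= index < len(COOKIES):
        return COOKIES[index]
    return None


def _tag(payload):
    """Hex HMAC-SHA256 of the cookie payload under the server key."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_signed(index):
    """Server sets "<index>.<tag>" only after a legitimate search."""
    payload = str(index)
    return f"{payload}.{_tag(payload)}"


def lookup_signed(cookie_value):
    """Hardened pattern: reject any value the server did not sign."""
    payload, sep, tag = cookie_value.partition(".")
    if not sep:
        return None  # no signature at all, e.g. a bare "1"
    # Compare as bytes in constant time; works for any client-supplied text.
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None
    return lookup_trusting(payload)


if __name__ == "__main__":
    issued = issue_signed(0)                 # what a real search would set
    forged = "1." + issued.split(".", 1)[1]  # index edited, old tag reused
    print(lookup_trusting("1"))    # edited plain cookie is accepted
    print(lookup_signed(issued))   # untampered signed cookie is accepted
    print(lookup_signed(forged))   # edited signed cookie is rejected
```

Signing only stops the client from choosing the index; keeping the lookup state in a server-side session achieves the same without exposing the index at all.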


Original writeup (https://github.com/xnomas/PicoCTF-2021-Writeups/blob/main/Cookies/README.md).