Cookies

Who doesn't love cookies? Try to figure out the best one. http://mercury.picoctf.net:6418/

Let's proxy the traffic through Burpsuite and provide snickerdoodle as the input.

We can see that the application redirects us to /check.

Now let's send the request that is sent to /check to the Intruder.

Then we can configure the payload position to be the cookie.

Next we have to craft the payloads.

The payload type is a Simple list with numbers from 1 to 20.

Let's start the attack and sort the responses by their length in ascending order.

We can see that the response with the shortest length is the one with the cookie set to 18.

That is also same the response in which the flag is present.

Flag

picoCTF{3v3ry1_l0v3s_c00k135_88acab36}

Last updated 8 months ago