Cookie Monster
112 Solves
Last updated
112 Solves
Last updated
The cookie monster awaits you...
This challenge features a very real authentication bypass known as "Cookie Manipulation".
Cookies are typically used by websites to validate users, you can think of them as "proof" that you are a validated user, so that you can gain administrative rights without having to login every time.
This is how the "remember me" option works on some websites!
Think of how websites can implement cookie authentication, while ensuring that a user won't be able to edit their cookies to impersonate an authenticated user...
Hint: hashes..
Upon visiting the webpage, you are greeted with:
The website will only authenticate users with the cookie value of "alden", however my cookie value is "freshie"...
You can use any cookie manipulation tool, or even the built-in inspect element, but I'll be using the chrome extension called "Cookie Editor" as it offers more options than the built-in inspect element.
Simply editing the cookie value from "freshie" to "alden", should trick the website into thinking that I am an authenticated user.