Help With Question -> Proxies/ZAP Fuzzer

The directory we found above sets the cookie to the md5 hash of the username, as we can see the md5 cookie in the request for the (guest) user. Visit ‘/skills/’ to get a request with a cookie, then try to use ZAP Fuzzer to fuzz the cookie for different md5 hashed usernames to get the flag. Use the “top-usernames-shortlist.txt” wordlist from Seclists.

Can you give me more detailed instructions what to do?
Thank you so much

1 Like

Unfortunately it does not work. What am I doing wrong?

Took me time to get this, but you’re in good position.

So after setting up your Payload with “084…” you need to set your processors to md5 hashes and then in the fuzzers tab all will appear with 200 and just resend to the browser to view the flag

1 Like

For anyone else stuck with this, this article helped me - How are cookies passed in the HTTP protocol? - Stack Overflow

where can I found the “top-usernames-shortlist.txt” wordlist ?

Try : /opt/useful/SecLists/Usernames/top-usernames-shortlist.txt