Hey I need help with the question in using web proxies that states:
Once you decode the cookie, you will notice that it is only 31 characters long, which appears to be an md5 hash missing its last character. So, try to fuzz the last character of the decoded md5 cookie with all alpha-numeric characters, while encoding each request with the encoding methods you identified above. (You may use the “alphanum-case.txt” wordlist from Seclist for the payload)
I’ve tried sending the request through intruder with a “Set-Cookie: cookie= prefix base64 $$ and encode back to the original md5” but I still haven’t found the flag or answer yet. Any suggestions?
Hey, rather than setting the cookie like that. Just put the cookie into the header normally. I think its something like:
Cookie: cookie=$$
Take another look at how you decoded the cookie before. Looks like you are missing something. And you shouldn’t need to encode to MD5 because that was the core of the decoded cookie if you know what I mean.
-onthesauce
1 Like
should I put it after the /admin.php?
Put it in the headers. Try viewing some requests and responses. You should see how the cookies end up getting placed in the headers.
1 Like