I’m a little bit stuck on this exercise, and also a bit confused about the goal. The last example shows that the web must be vulnerable to content-type but I cannot make it happen.
Also, the hint points to "cook the cookie", which is also different from the examples, where the cookie is a phpsessid, while here it is a cookie named auth.
No matter what I put in the cookie as it is b64, that will be the name shown in the web app…
I would appreciate any help about what the goal is. I don’t think they want me to mess with decoding the second part of the cookie, as the lesson is about the methods of the WebApps. Am I wrong?
I searched for your question when I was stuck on this question, feeling so frustrated.
The answer is so simple, you do not even need to think much deeper. As an old quote said, "Don’t drill at the rabbit hole."
Try to think out of the box and you will have the idea, I promise.
BTW: Has the exercise told you that the random stuff is necessary?
Hello, thank you for the help, but I had been doing something wrong for years that led me to fail in this case…
I will tell you all because maybe someone is doing it wrong as I was, and we are here to learn.
When I want to encode/decode base64, I always did it in the Linux terminal this way: echo "something" | base64 -d. This worked for me almost every time, but sometimes doing it this way simply will not. This is because the echo application in the Linux terminal sometimes appends one invisible character to the “something” string you’re encoding. This can be avoided if you add “-n” as a parameter to echo; this way the invisible character isn’t added to the string and the base64 will be correct.
I know this may be a very noob question, but as I said, this error has been with me for years without my knowing… Hope this will help someone!
The original problem is solved, so it will be a good thing to edit the subject to solved, and I also want to edit the solution itself as it has a typo in the argument I’d posted; the correct one is ‘-e’.
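The trailing-newline effect discussed in this thread, as an added example that is not part of any post: it encodes a value with and without the extra byte and checks whether a base64 token decodes to something ending in a newline. The value `admin` is a constructed sample and the function names are hypothetical; `printf '%s'` is used because it writes exactly the bytes given.

```shell
#!/bin/sh
# Added example: the sample value and function names are constructed,
# not taken from the exercise discussed in the thread.

# Encode exactly the bytes given: printf '%s' emits no trailing newline.
b64_exact() {
    printf '%s' "$1" | base64
}

# Encode the value followed by a newline (0x0a), which is what a bare
# `echo "value" | base64` pipeline produces.
b64_with_newline() {
    printf '%s\n' "$1" | base64
}

# Print the last decoded byte of a base64 token as two hex digits.
# Command substitution strips trailing newlines, so inspect raw bytes via od.
last_byte_hex() {
    printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n'
}

# Succeeds (exit status 0) when the decoded token ends in a newline byte.
has_trailing_newline() {
    [ "$(last_byte_hex "$1")" = "0a" ]
}

sample='admin'   # constructed sample value
clean=$(b64_exact "$sample")
dirty=$(b64_with_newline "$sample")

printf 'exact bytes : %s\n' "$clean"
printf 'with newline: %s\n' "$dirty"

if has_trailing_newline "$dirty"; then
    printf 'second token decodes to a value ending in 0x0a\n'
fi
```

The two tokens differ only near the end, which is why a server comparing or displaying the decoded value sees a different string than the one intended.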