# Cookies

## Category

Web Exploitation

## Question

Who doesn't love cookies? Try to figure out the best one. <http://mercury.picoctf.net:6418/>

## Hint

No Hint

## Solution

The challenge presents a search box.

<figure><img src="https://2930324358-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MCVzu45Bb9LVrMqjdY6%2Fuploads%2F0D9Cq746B3H8Nmpm6lI9%2Fcookies.png?alt=media&#x26;token=6a0a5da9-33ab-4523-a39c-70f53e06c559" alt=""><figcaption><p>Cookies</p></figcaption></figure>

I typed `snickerdoodle` and got `I love snickerdoodle cookies!`. As the challenge title suggests, this is related to cookies, so I opened the dev tools and looked at the cookies. The cookie has a value field containing a number. I changed the number and reloaded the website to see what happened, and the web page changed.

So I thought the flag might be shown if I reached a particular number in the value field. To be faster, I used Burp Intruder to brute-force the value field.

I brute-forced the numbers from 1 to 20 and looked through the responses, which gave me the flag.

<figure><img src="https://2930324358-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MCVzu45Bb9LVrMqjdY6%2Fuploads%2F0qlVHYDTdVZKBiXWZG05%2Fcookies-flag.png?alt=media&#x26;token=e98b23d2-c429-4bda-b691-aef70eabb54e" alt=""><figcaption><p>Flag</p></figcaption></figure>
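The enumeration works because the server trusts a bare integer that the client can edit. As an added example (not the challenge's code), the sketch below puts that unsigned lookup next to a version that only accepts an index carrying a valid HMAC tag. The cookie list beyond `snickerdoodle`, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: only "snickerdoodle" appears in the write-up.
COOKIE_NAMES = ["snickerdoodle", "chocolate chip", "oatmeal raisin"]
# Assumption: a server-side secret that is never sent to the client.
SECRET_KEY = b"constructed-demo-key"


def lookup_unsigned(cookie_value: str):
    """Behaviour seen in the write-up: any integer the client sends is trusted."""
    try:
        index = int(cookie_value)
    except ValueError:
        return None
    return COOKIE_NAMES[index] if 0 <= index < len(COOKIE_NAMES) else None


def _tag(payload: str) -> str:
    """HMAC-SHA256 over the index string, hex encoded."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_signed(index: int) -> str:
    """Cookie value the server hands out: 'index.tag'."""
    payload = str(index)
    return f"{payload}.{_tag(payload)}"


def lookup_signed(cookie_value: str):
    """Accept the index only if its tag verifies; otherwise ignore the cookie."""
    payload, sep, tag = cookie_value.partition(".")
    if not sep:
        return None  # bare integer without a tag, as an edited cookie would be
    # Constant-time comparison on bytes avoids timing leaks and non-ASCII errors.
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None
    return lookup_unsigned(payload)


if __name__ == "__main__":
    issued = issue_signed(0)
    edited = "2." + issued.split(".", 1)[1]  # index changed, old tag reused
    print(lookup_unsigned("2"), lookup_signed(issued), lookup_signed(edited))
```

Signing stops a client from choosing an index the server never issued; content that should stay hidden still needs a server-side authorization check.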

## Flag

`picoCTF{3v3ry1_l0v3s_c00k135_88acab36}`

