PicoCTF: Cookies - Writeup

Challenge Description

Cookies are a fundamental part of how the web works. Can you find the flag?

Hint: The server remembers what you like by setting a cookie.

Solution

This is a simple Web challenge about cookie manipulation.

Step 1: Inspect the page

The page has a search box where you can enter a cookie type (chocolate, sugar, etc.). Each selection returns a different message.

Step 2: Look at the cookies

Using browser dev tools, I can see a cookie named name with a numeric value. When I select “chocolate”, the cookie value is set to 1.

Step 3: Brute-force the cookie value

import requests

url = "http://example.com/check"
for i in range(30):
    r = requests.get(url, cookies={"name": str(i)})
    if "Flag" in r.text or "picoCTF" in r.text:
        print(f"Found at {i}: {r.text}")
        break

Step 4: Get the flag

The flag was found at cookie value 18.

Flag: picoCTF{3v3ry1_l0v3s_c00k135_94155161}

Key Takeaways

• Always inspect cookies when doing Web CTF challenges
• Automation tools can speed up repetitive tasks
• Simple brute-force can reveal hidden content