Cookie Monster Secret Recipe
- Description: Cookie Monster has hidden his top-secret cookie recipe somewhere on his website. As an aspiring cookie detective, your mission is to uncover this delectable secret. Can you outsmart Cookie Monster and find the hidden recipe?
- Difficulty: Easy
🔎 Solution
The challenge presents a login page requiring a username and password. Submitting random credentials results in an "Access Denied" message, along with a subtle hint referencing a cookie.

Inspecting the POST request using Burp Suite reveals that the server's response includes a Set-Cookie
header containing a Base64-encoded string.
Leveraging Burp Suite's built-in Base64 decoder, we can decode this value - which ultimately reveals the flag.

🚩Flag
picoCTF{c00k1e_m0nster_l0ves_c00kies_DE7A5E76}