Skip to main content

Cookie Monster Secret Recipe

  • Description: Cookie Monster has hidden his top-secret cookie recipe somewhere on his website. As an aspiring cookie detective, your mission is to uncover this delectable secret. Can you outsmart Cookie Monster and find the hidden recipe?
  • Difficulty: Easy

🔎 Solution

The challenge presents a login page requiring a username and password. Submitting random credentials results in an "Access Denied" message, along with a subtle hint referencing a cookie.

Inspecting the POST request using Burp Suite reveals that the server's response includes a Set-Cookie header containing a Base64-encoded string. Leveraging Burp Suite's built-in Base64 decoder, we can decode this value - which ultimately reveals the flag.

🚩Flag

picoCTF{c00k1e_m0nster_l0ves_c00kies_DE7A5E76}