Tools

Broken Authentication Via Cookie Manipulation

Procedure

Step1:Enter your username and click "Login"

login

Step 2: Click on the "Check Admin Access" button to verify if you have administrative privileges.

welcome

Step 3: Since access is denied, let's try manipulating the cookie to gain administrative privileges

acess denied

click on the settings icon and select "Browser Cookie" to proceed.

browser cookie

Step 4: Use the Encode/Decode tool to experiment with base64 encoding and decoding.

base64

Try copying and pasting the encoded values, then use the toolbar to decode them. Familiarize yourself with the base64 toolbar.

practice encode

Step 5: Follow these instructions to manipulate the privilege cookie:

  • Find the privilege cookie in the list.
    • step1
  • Click edit button and copy the value of the privilege cookie.
  • Paste the copied value into the input field in the toolbar.
  • Click "Decode" to view the current value of the privilege cookie
  • Copy the decoded value {"isadmin":false} and Paste the value in input feild of the toolbar
  • Change `"false"` to `"true"` in the decoded value.
  • Click "Encode" to encode the updated value.
  • Replace the original privilege cookie value with the newly encoded value.
  • Click "Update" to apply the changes.,click "go home" to proceed
  • click on the button to see if you have access!
  • Sucessfully manipulated the cookie