Web - Client

Thursday 25 August 2022, 17:55  #1
CSP Bypass - Inline code
tainnee
  • 11 posts

I’ve been able to fetch the bot’s cookie, localStorage, sessionStorage and they are all empty. I’ve also checked the typeof of the JS variable "flag" and "FLAG_REDACTED" and it is undefined. I’m really running out of ideas as to where to look for the flag. Can anyone help me figure out what I’m missing?

Monday 3 October 2022, 14:17  #2
CSP Bypass - Inline code
Milou666
  • 1 posts

You don’t need the cookies to find the flag. Actually the exercise could have been titled: XSS - CSP Bypass. Good luck ;)