Web - Client

Saturday 26 March 2016, 02:41  #1
Web - Client - XSS1
LBowGreese
  • 1 posts

I’ve been working at this challenge a while and haven’t been making much progress. Apparently the more obvious methods don’t work... are we supposed to use a cookie catcher? Sorry if that’s a spoiler. Thanks for the help

Thursday 12 May 2016, 19:42  #2

I know this is a bit old but figured I’d reply in case someone else needs assistance in the future. You are (were) on the right path; you just need some way to see what that cookie is for the admin user. Solving this challenge is actually very easy if you think about the ways you can display a cookie. Not just the ’ways’ (think document.write, alert, window.location update, etc.) but also the ’locations’ (think URL, the page itself, message box, etc.). Once you figure out the way and / or the location, you can then find a way to actually get that message to you. To see what I mean, just set up a basic web site that mimics the challenge and then create your own cookie and find the different ways / locations to show it to yourself. Once you see how it will look to you (the user you’re trying to hijack in reality) you can then start down the path of getting it to show up for you as a 3rd person.

I hope that gets you / others on the right path without giving any specifics. If you need further assistance don’t hesitate to PM and I’ll redirect you in the right direction. Also keep in mind there are several ways to solve this and my method is just one and may not be the best solution.

BTW, I spent about 4 days on this making it way more complicated than it actually is.... don’t do that. :)