
Want to run this Docker container locally?
docker run -d -p 3005:3005 --restart always --name cookie-overflow joshbeck2024/cookie_bot-ctf-challenge
Begin by registering an account, logging in, and going to the ‘Admin Portal.’

We are provided with bot.js and app.py.
This is a common CTF scenario:
- There is a ‘bot’ that acts as a shadow user.
- It will browse the website in various ways, and it is your job to exploit this user as it traverses the site.
bot.js does the following:
- Logs in
- Checks for tickets
- Submits the ‘Flag’ value to its own personal profile, which we do not have access to

The goal here is to ‘overflow’ the bot's cookie jar so that it has a copy of our user’s authentication cookie.
A cookie overflow attack exploits the fact that browsers enforce strict limits on how many cookies a site can store and how large they can be.
- Typical browser limits (approximate):
  - ~50 cookies per domain
  - Oldest cookies are evicted first when limits are exceeded
- If a web application allows users to set arbitrary cookies (via an attack like XSS), an attacker can intentionally create many large cookies until the browser is forced to delete older cookies.
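From the defender's side, a stuffed cookie jar is visible in the Cookie header the victim's browser sends, which suddenly carries many names the application never issued. The check below is an added example, not code from the challenge's app.py; the allowlist, the thresholds, and the sample headers are assumptions constructed for illustration.

```python
# Added example (not from the challenge's app.py). The cookie allowlist and
# both thresholds below are assumptions chosen for illustration.
EXPECTED_COOKIES = {"session"}  # names the application itself issues (assumed)
MAX_UNKNOWN = 5                 # tolerated cookies the app never set (assumed)
MAX_HEADER_BYTES = 2048         # tolerated size of the Cookie header (assumed)


def parse_cookie_header(header):
    """Split a raw Cookie request header into (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate empty segments such as a trailing ';'
        name, _, value = part.partition("=")
        pairs.append((name.strip(), value.strip()))
    return pairs


def overflow_findings(header):
    """Return the reasons, if any, that this header looks like jar stuffing."""
    names = [name for name, _ in parse_cookie_header(header)]
    unknown = [n for n in names if n not in EXPECTED_COOKIES]
    findings = []
    if len(unknown) > MAX_UNKNOWN:
        findings.append("unknown_cookies")
    if len(header.encode("utf-8")) > MAX_HEADER_BYTES:
        findings.append("oversized_header")
    return findings


# Constructed sample headers, not captured traffic.
NORMAL = "session=abc123"
FEW_EXTRA = "session=abc123; theme=dark; lang=en"
STUFFED = "; ".join(f"pad{i}={'A' * 100}" for i in range(60)) + "; session=xyz"

if __name__ == "__main__":
    for label, hdr in [("normal", NORMAL), ("few extra", FEW_EXTRA), ("stuffed", STUFFED)]:
        print(label, overflow_findings(hdr))
```

A finding here is only a detection signal; the fix is removing the path that lets a user set arbitrary cookies in another user's browser.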
First, find your session cookie. (You are the attacker in this scenario.)
