You finished Lab 07. Here's what stuck.
A short recap of the moves you made with Burp — keep them close. Putting a tool in the middle of your own browser and the website is the single most useful skill in web hacking; almost every other web attack starts with the same loop: sit in the middle, freeze a message, edit it, send it on.
Module complete · burp-cookie-tampering
You sent a real browser's messages through Burp, froze the login reply, unscrambled the pass that held your role, changed user to admin, and walked straight into the admin console. Sitting in the middle of your own browser and a website is the most useful skill in web hacking — almost every other web attack begins with the same loop.
XP earned: +350xp
Difficulty: Medium
Time spent: ~60min
Track: Code
Recap · the five moves
keep close
- 01 Open — Burp sits in the middle.
  Send Firefox's messages to Burp at `127.0.0.1:8080`, do the one-time trust step, and switch Intercept ON. Every message in and out now pauses for you to read.
- 02 Login — watch what comes back.
  A plain login returns `200 OK` and hands your browser a pass: `Set-Cookie: role=dXNlcg==`. Half of this work is just reading the reply the website freely gave you.
- 03 Decode — it's shuffled, not locked.
  `echo dXNlcg== | base64 -d` prints `user`. `echo -n admin | base64` prints `YWRtaW4=`. Now you know exactly how the pass is written.
- 04 Tamper — swap it before letting it go.
  While the reply is frozen in Burp, replace `dXNlcg==` with `YWRtaW4=` and click `Forward`. Your browser keeps the edited pass as if the website had really handed it over.
- 05 Admin — your browser is treated as an admin.
  The admin page request now carries `Cookie: role=YWRtaW4=`. The website believes the pass, reads "admin", and shows the dashboard — the flag is printed in the reply.

Defence: the website must check 'are you allowed?' on its own side for every protected page, give out passes with a tamper-proof seal, and keep who's an admin in its own records — never on the pass.
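The defence above as a server-side sketch, next to the check the lab defeated. This is an added example, not the lab application's code: `SECRET_KEY`, `USERS` and every function name are hypothetical, the sample users are constructed, and the pass has no expiry.

```python
import base64
import hashlib
import hmac
import secrets

# Hypothetical names throughout; the sample users are constructed for this example.
SECRET_KEY = secrets.token_bytes(32)        # stays on the server, never sent out
USERS = {"alice": "user", "root": "admin"}  # roles live in server-side records

def weak_role(cookie):
    """The lab's flaw: believe whatever role the base64 pass claims."""
    return base64.b64decode(cookie).decode()

def _seal(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_pass(username):
    """The pass names the user and carries an HMAC seal; no role is on it."""
    payload = base64.urlsafe_b64encode(username.encode()).decode()
    return payload + "." + _seal(payload)

def verify_pass(cookie):
    """Return the username if the seal matches, otherwise None."""
    payload, sep, seal = cookie.partition(".")
    if not sep or not hmac.compare_digest(seal.encode(), _seal(payload).encode()):
        return None
    return base64.urlsafe_b64decode(payload).decode()

def can_view_admin(cookie):
    """Run on every admin request: intact seal first, then role from USERS."""
    user = verify_pass(cookie)
    return user is not None and USERS.get(user) == "admin"

if __name__ == "__main__":
    alice = issue_pass("alice")
    # The lab's edit replayed against the sealed pass: new payload, old seal.
    forged = base64.urlsafe_b64encode(b"root").decode() + "." + alice.split(".")[1]
    print("weak check believes:", weak_role("YWRtaW4="))
    print("alice sees admin page:", can_view_admin(alice))
    print("edited pass sees admin page:", can_view_admin(forged))
    print("real admin sees admin page:", can_view_admin(issue_pass("root")))
```

Editing the payload breaks the seal, and even an intact pass only names a user; the role is looked up on the server each time.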