Step 03 · do it for real
A real tool in the middle. A real role pass. Your turn.
You've seen the idea. Now launch a safe practice desktop with Burp Suite Community and a deliberately weak website, log in as an ordinary user, and edit your way into the admin panel. The flashcards on the right warm you up; the quiz checks you remember the moves.
Spawn burp-cookie-tampering
You'll get a private desktop with Firefox already set up to send its messages through Burp Suite Community on 127.0.0.1:8080. The target is the acme HR website. Log in as the analyst, freeze the reply, unscramble the pass that holds your role, change it to admin, and send it on. The flag is printed inside the admin page. The session shuts down after 60 minutes of sitting idle.
1. Log in as analyst@trinetra.io
2. Freeze the login reply in Burp
3. Unscramble the pass, change it, send it on, grab the flag
Warm-up · 12 flashcards & 10 questions