IP Address: 172.25.200.200
Port: 9005
For this challenge, you’ll want to have worked through the Red1 and Red2 challenges first.
In the Burp Suite browser, go to the ‘Start Pulling’ link.

Go ahead and middle-mouse click to open the linked wordlist in a new tab.

Although this wordlist is short enough that you could type each value manually to try to get the flag, in most cases you will be dealing with much longer wordlists.

Click through to page2.php, and you will see this:
- Click ‘Check Cookie’ to go to page2.php

Turn on intercept and refresh the webpage. This time, instead of Repeater, we’ll use Intruder!

In the Intruder tab, we’ll see that Burp Suite has highlighted several brute-force candidates in this web request. Each potential value is surrounded by the § character. (You won’t ever have to type that one.)
We’ll leave Intruder in ‘Sniper’ mode. Once you figure out Sniper, take a look at some of the other modes on your own. ‘Sniper’ mode simply restricts us to brute forcing only a single value at a time. Another mode, ‘Pitchfork’, allows you to change more than one value each time the page is requested.

In this case, we are only interested in the ‘magic_cookie’ value. Click the clear button to clear all entry points.

Then highlight the value after the equal sign, as seen below, and click add. (It will be highlighted green after you do this correctly.)
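
To make the Sniper/Pitchfork difference and the effect of clearing the extra positions concrete, here is an added example (not part of the original walkthrough and not Burp Suite's own code) that models offline how §-marked positions expand into requests. The session cookie, the placeholder values and the wordlist entries are constructed assumptions.

```python
import re

MARK = "§"  # payload-position marker shown in the Intruder tab
POSITION = re.compile(f"{MARK}(.*?){MARK}", re.S)

# Constructed sample data: the session cookie, its value and the wordlist
# entries are assumptions, not values from the challenge.
AUTO_MARKED = ("GET /page2.php HTTP/1.1\r\nHost: 172.25.200.200:9005\r\n"
               "Cookie: session=§abc123§; magic_cookie=§placeholder§\r\n\r\n")
ONLY_COOKIE = AUTO_MARKED.replace("§abc123§", "abc123")  # after Clear + Add
WORDLIST = ["alpha", "bravo", "charlie"]

def split_template(template):
    """Return (literal_chunks, base_values) for a §-marked template."""
    parts = POSITION.split(template)
    return parts[0::2], parts[1::2]

def render(literals, values):
    """Interleave the literal chunks with one value per position."""
    out = [literals[0]]
    for value, literal in zip(values, literals[1:]):
        out += [value, literal]
    return "".join(out)

def sniper(template, payloads):
    """One payload set; each position is tried in turn while the others
    keep their base value, giving positions * payloads requests."""
    literals, base = split_template(template)
    for i in range(len(base)):
        for payload in payloads:
            yield render(literals, base[:i] + [payload] + base[i + 1:])

def pitchfork(template, payload_sets):
    """One payload set per position, stepped in lockstep; stops when the
    shortest set is exhausted."""
    literals, base = split_template(template)
    if len(payload_sets) != len(base):
        raise ValueError("need one payload set per marked position")
    for combo in zip(*payload_sets):
        yield render(literals, list(combo))

if __name__ == "__main__":
    print("auto-marked, Sniper:", len(list(sniper(AUTO_MARKED, WORDLIST))))
    print("magic_cookie only, Sniper:", len(list(sniper(ONLY_COOKIE, WORDLIST))))
    for request in sniper(ONLY_COOKIE, WORDLIST):
        print(request.splitlines()[2])  # the Cookie header of each request
```

With both positions left marked, Sniper spends half of its requests changing the session cookie; clearing the positions and re-adding only `magic_cookie` leaves one request per wordlist entry.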