Advent Of Cyber 3 - Day 4

Posted on Dec 4, 2021
tl;dr: Bruteforce

Start Burp Suite and enable FoxyProxy to route Firefox traffic through Burp. Capture a login request and send it to Intruder. Load the list from THM into Intruder and look for a variation in response size, which will point to the correct password/response.

The password is: cookie

Logging in, we can see that Santa's itinerary is: THM{SANTA_DELIVERS}
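
The same response-size signal is visible from the server side. The following is an added example, not part of the original write-up: it scans a web access log for a client that floods the login endpoint and flags the one response that differs from the "wrong password" baseline. The log lines, IP addresses, `/login` path, response sizes and the `min_attempts` threshold are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access log (common log format); IPs, path and sizes are invented.
SAMPLE_LOG = "\n".join(
    [f'10.10.5.7 - - [04/Dec/2021:10:00:{s:02d} +0000] "POST /login HTTP/1.1" 200 1482'
     for s in range(12)]
    + ['10.10.5.7 - - [04/Dec/2021:10:00:12 +0000] "POST /login HTTP/1.1" 302 310',
       '10.10.9.3 - - [04/Dec/2021:10:01:02 +0000] "POST /login HTTP/1.1" 200 1482',
       '10.10.9.3 - - [04/Dec/2021:10:01:30 +0000] "POST /login HTTP/1.1" 302 310',
       '10.10.9.3 - - [04/Dec/2021:10:02:00 +0000] "GET /index HTTP/1.1" 200 5120'])

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)')

def find_bruteforce(log_text, login_path="/login", min_attempts=10):
    """Return one finding per client that hammered the login endpoint."""
    attempts = defaultdict(list)          # ip -> [(timestamp, status, size), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != login_path:
            continue                      # skip malformed lines and other requests
        attempts[m["ip"]].append((m["ts"], int(m["status"]), int(m["size"])))

    findings = []
    for ip, reqs in attempts.items():
        if len(reqs) < min_attempts:
            continue                      # ordinary users mistype a password a few times
        # The most common (status, size) pair is the "wrong password" response.
        baseline, _ = Counter((st, sz) for _, st, sz in reqs).most_common(1)[0]
        # Any response that differs from it marks a probable successful guess.
        outliers = [r for r in reqs if (r[1], r[2]) != baseline]
        findings.append({"ip": ip, "attempts": len(reqs),
                         "baseline": baseline, "likely_success": outliers})
    return findings

if __name__ == "__main__":
    for finding in find_bruteforce(SAMPLE_LOG):
        print(finding)
```

A finding with a non-empty `likely_success` list means the account behind that request should be treated as compromised and its password reset.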