Advent Of Cyber 3 - Day 4
tl;dr:
Bruteforce
Start burp suite, activate foxyproxy to point firefox over to burp. Capture a login request and send over to intruder. Load the list from THM into intruder and search for a variation in response-size , which will point to the correct password/response.
the password is: cookie
logging in, we can see that santa’s itinerary is: THM{SANTA_DELIVERS}
EOF