While temporary cookies are primarily used to store the session identifier, many applications also utilize them to store additional session-specific data (such as specific preferences). The application treats these cookies as if they were read-only parameters. The application’s use of these cookies is frequently susceptible, making it a target for attackers who modify the cookies to circumvent the application’s security features.
Let’s take a look at the challenge. First, click on the “Enter site” button and analyze the behavior.
Looks like in this example we need to tamper with the cookies. Right-click on the page and from the drop-down menu select the “Inspect” option.
As you can see, we could retrieve cookie information, but it looks like it is set to “false”. We need to change the “is_access=false;” to “is_access=true;”. To do so, type the following command “document.cookie=”i3_access=true;” and hit “Enter”.
Now, the access to the cookies is set to “true”, we can go ahead and click on the “Enter site” button to access the page.