Breadcrumbs [EPT 2025]

When exploring the page with Burp Suite (If it is not obvious by now, my favorite tool <3) we can see 2 important differences.

1. When we send the wrong char, our response is 22488, but when we send a successful char, it is 22536 (Or something close). So we know what is considered a successful guess and a failed guess.

2. When we send a successful char, a “set cookie” is ran and we get a new cookie. If we check the content of the cookie, we are now referring to another index in the string we are putting together.

So we need to automate a process that looks for the correct char, in the correct index, then goes to the next one (By using the new cookie) all the way to the end. Which we know is “}”.

I gave these instructions to my friendly hacker dragon GPT Ace and made him vice code a script to do this. One important thing to notice is that you also need to URL encode special characters.

Code to solve the task: