> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-17/cookie-manipulation/trick-0333.md).

# Encoded Cookie Value Manipulation for Auth Bypass

***

When a web application stores sensitive data in a cookie (like `user-auth`) that is merely encoded (e.g., hex) but not encrypted or integrity checked, you can manipulate its content.

Capture the cookie's value. Decode the value, for example, using a tool like CyberChef, which is useful to manipulate the data and perform data decoding. If the decoded value is a structured format like JSON containing fields such as `username`, modify the relevant field to gain elevated privileges (e.g., change `"username":"user"` to `"username":"admin"`). Tools like CyberChef support operations like 'From Hex' and 'From JSON' to assist in this process.

Re-encode the modified content back to the original encoding format (hexadecimal). CyberChef can perform this step using operations such as 'To Hex'. Replace the original cookie value in your browser's developer tools with the new, malicious value and refresh the page to potentially bypass authentication schema.

Example final hex-encoded cookie value modified for `username: "admin"`:

```
7b636f6d70616e793a2022546865204265737420466573746976616c20436f6d70616e79222c206973726567697374657265643a2254727565222c20757365726e616d653a2261646d6e227d
```
