IsmailTP/cookie-forge-CTF

GitHub: IsmailTP/cookie-forge-CTF


# Nacrosand – The Cookie Forger

A beginner-friendly web exploitation challenge focused on insecure session handling and client-side trust vulnerabilities.

## Challenge Information

* **Category:** Web Security
* **Difficulty:** Easy–Medium
* **Author:** Ismail TP

## Description

Nacrosand – The Cookie Forger is a web-based Capture The Flag (CTF) challenge designed to teach players how insecure client-side authentication mechanisms can lead to privilege escalation.

Players explore the application, analyze session behavior, and identify weaknesses in how user roles are handled inside browser cookies.

The challenge is designed to simulate real-world mistakes developers make when trusting client-controlled data.

## Features

* Custom themed challenge environment
* Hidden endpoint discovery
* Cookie-based authentication system
* Client-side session manipulation
* Beginner-friendly exploitation flow
* Real-world inspired vulnerability design

## Technologies Used

* Python
* Flask
* HTML/CSS/JavaScript

## Skills Practiced

* Web reconnaissance
* Cookie analysis
* Session handling
* Authentication testing
* Web exploitation methodology

## Setup Instructions

### Clone Repository

```bash
git clone https://github.com/IsmailTP/nacrosand.git
cd nacrosand
```

### Install Dependencies

```bash
pip install -r requirements.txt
```

### Run the Challenge

```bash
python app.py
```

## Screenshots

Add challenge screenshots here.

Suggested screenshots:

* Homepage
* Login page
* Dashboard
* Browser developer tools
* Final challenge screen

## Educational Purpose

This challenge was created for ethical cybersecurity education and hands-on security training purposes only.
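
The weakness class named in the Description (a user role kept in a cookie the client controls) next to a hardened form, as an added example that is not code from this repository. The cookie layout, function names and key handling are assumptions made for illustration and do not reflect the challenge's actual implementation.

```python
import base64, hashlib, hmac, json, secrets

# Constructed for this example; a real service loads its key from secret storage.
SERVER_KEY = secrets.token_bytes(32)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_unsigned(user: str, role: str) -> str:
    """Weak pattern: the role travels in a cookie the client can rewrite."""
    return _b64(json.dumps({"user": user, "role": role}).encode())

def read_unsigned(cookie: str) -> dict:
    """Weak pattern: whatever the client sent is believed."""
    return json.loads(_unb64(cookie))

def issue_signed(user: str, role: str, key: bytes = SERVER_KEY) -> str:
    """Hardened pattern: payload plus an HMAC-SHA256 tag only the server can compute."""
    payload = _b64(json.dumps({"user": user, "role": role}).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(tag)}"

def read_signed(cookie: str, key: bytes = SERVER_KEY):
    """Return the claims only if the tag verifies; otherwise None."""
    try:
        payload, tag = cookie.split(".")
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(tag), expected):
            return None  # payload was altered after the server issued it
        return json.loads(_unb64(payload))
    except ValueError:  # wrong field count, bad base64, bad JSON
        return None

def demo() -> dict:
    """Apply the same client-side change (a different role) to both cookie styles."""
    altered_payload = issue_unsigned("guest", "admin")
    signed = issue_signed("guest", "user")
    altered_signed = altered_payload + "." + signed.split(".")[1]  # old tag, new payload
    return {
        "unsigned_role": read_unsigned(altered_payload)["role"],  # accepted as sent
        "signed_altered": read_signed(altered_signed),            # rejected
        "signed_untouched": read_signed(signed)["role"],          # still valid
    }
```

Signing gives integrity, not confidentiality; keeping the role in server-side session state avoids sending it to the client at all.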
Tags: Backend Development