How to find PHPSESSID  Go to the Blinded by the light challenge

How to find PHPSESSID
This is a blind SQL injection, so I tried to write Python code, but I also need to know PHPSESSID to solve a challenge with my account. Without that, I can solve this challenge, but not with my account. I tried to find a cookie, but on this site I don't have any cookie like on other sites. document.cookie shows only ''. How do I find a cookie?
RE: How to find PHPSESSID
Because the cookie is marked "HTTPOnly" you probably cannot get it using JavaScript.

Most browsers let you view the cookies for a particular site (check the preferences).

Depending on your browser, it might be easier to just install an extension that lets you view cookies for the site you're currently browsing.

In Firefox and Chrome you also have a "developer's console" (called Firebug in Firefox, not sure of the Chrome name), that lets you see a lot of information, including cookies being sent to the site.
Another problem occurred
Thank you. In Chrome, 'EditThisCookie' showed the httpOnly cookie. But on www.wechall.net, a cookie named 'WC' is set before log-in, and after log-in, the value of the cookie is not changed. Stranger still, a log-in attempted after deleting the cookie is not allowed. There is one cookie named 'WC' and there are no other cookies but 'WC'. What should I do to get a cookie that is really related to my log-in?
RE: How to find PHPSESSID
Hello,

That's normal :) Cookie "WC" identifies your session with the site; when you log in, the server registers that, and even though your session id stays the same, the server now knows that you're logged in (data related to each session is stored on the server).

You can use your "WC" cookie to solve the challenges. You can think of "WC" as a variation of "PHPSESSID", it just has a different name and format. :)
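
The behaviour described in the two answers above, as an added example that is not part of the original thread and is not WeChall's code: a toy server keeps the login state on its side, so the HttpOnly `WC` value stays the same across login and is hidden from a `document.cookie`-style view. The `handle`, `script_visible` and `request_cookie` functions, the `/login` path and the user name are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side store: session id -> data (constructed toy model)

def handle(path, cookie_header=""):
    """Toy server, not WeChall's code. Returns (body, Set-Cookie value or None)."""
    jar = SimpleCookie(cookie_header)
    sid = jar["WC"].value if "WC" in jar else None
    set_cookie = None
    if sid not in SESSIONS:
        # Unknown or missing id: start an anonymous session and issue the cookie.
        sid = secrets.token_hex(8)
        SESSIONS[sid] = {"user": None}
        out = SimpleCookie()
        out["WC"] = sid
        out["WC"]["httponly"] = True
        out["WC"]["path"] = "/"
        set_cookie = out["WC"].OutputString()
    if path == "/login":
        # Credential check omitted; "alice" is a constructed user name.
        SESSIONS[sid]["user"] = "alice"
    user = SESSIONS[sid]["user"]
    return f"hello {user or 'guest'}", set_cookie

def script_visible(set_cookie):
    """Model of document.cookie: cookies flagged HttpOnly are left out."""
    jar = SimpleCookie(set_cookie)
    return "; ".join(f"{k}={m.value}" for k, m in jar.items() if not m["httponly"])

def request_cookie(set_cookie):
    """Cookie request header built from the stored value, as a script would send it."""
    jar = SimpleCookie(set_cookie)
    return "; ".join(f"{k}={m.value}" for k, m in jar.items())

def demo():
    before, issued = handle("/")             # first visit: WC is issued
    header = request_cookie(issued)
    _, reissued = handle("/login", header)   # login: state changes on the server only
    after, _ = handle("/", header)           # same cookie value, now logged in
    return script_visible(issued), before, after, reissued

if __name__ == "__main__":
    print(demo())
```
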
Thank you
I was a little confused, but now I know a way to do it. Thank you!