# web/pandafacts We need to become a member in order to get the intersting fact aka flag: changing cookie to add member:"1" ? burp intercept change param async function generateToken(username) { const algorithm = 'aes-192-cbc'; const key = Buffer.from(process.env.KEY, 'hex'); // Predictable IV doesn't matter here const iv = Buffer.alloc(16, 0); const cipher = crypto.createCipheriv(algorithm, key, iv); const token = `{"integrity":"${INTEGRITY}","member":0,"username":"${username}"}` let encrypted = ''; encrypted += cipher.update(token, 'utf8', 'base64'); encrypted += cipher.final('base64'); return encrypted; } async function decodeToken(encrypted) { const algorithm = 'aes-192-cbc'; const key = Buffer.from(process.env.KEY, 'hex'); // Predictable IV doesn't matter here const iv = Buffer.alloc(16, 0); const decipher = crypto.createDecipheriv(algorithm, key, iv); let decrypted = ''; try { decrypted += decipher.update(encrypted, 'base64', 'utf8'); decrypted += decipher.final('utf8'); } catch (error) { return false; } let res; try { res = JSON.parse(decrypted); } catch (error) { console.log(error); return false; } if (res.integrity !== INTEGRITY) { return false; } return res; }