How does the open-source Python code in the article crack the 8th byte of the first ciphertext block?

The code iterates through all possible byte values (0x00 to 0xFF) for the last byte of the crafted intermediate block. It constructs a modified ciphertext by prepending 15 zero bytes plus the trial byte to the second ciphertext block, then sends a GET request with this malformed `cadata` cookie. If the server responds with `reason=2`, the decryption succeeded and the correct padding byte was guessed. The script prints the successful byte value and exits. This is the first step of the full Padding Oracle Attack, which decrypts each byte sequentially as described in the ProxyOracle Exploitation Analysis 2—CVE-2021-31196 article.