  • Language
    Python
  • License
    MIT License
  • Created almost 7 years ago
  • Updated about 1 year ago

Repository Details

πŸͺ Flask Session Cookie Decoder/Encoder


Original author : Wilson Sumanang

Fixes and improvements author : Alexandre ZANNI

Imported from saruberoz.github.io

Dependencies

Installation

Package

BlackArch Linux

# pacman -S flask-session-cookie-manager{3,2}

Git

ArchLinux

Both python3 and python2:

$ git clone https://github.com/noraj/flask-session-cookie-manager.git && cd flask-session-cookie-manager
# makepkg -sic

Other distros

Find your way with your package manager, use pip in a virtual environment or use pyenv.

E.g.

$ git clone https://github.com/noraj/flask-session-cookie-manager.git && cd flask-session-cookie-manager
$ python -m venv venv
$ source venv/bin/activate
$ python setup.py install

Usage

Use flask_session_cookie_manager3.py with Python 3 and flask_session_cookie_manager2.py with Python 2.

usage: flask_session_cookie_manager{2,3}.py [-h] {encode,decode} ...

Flask Session Cookie Decoder/Encoder

positional arguments:
  {encode,decode}  sub-command help
    encode         encode
    decode         decode

optional arguments:
  -h, --help       show this help message and exit

Encode

usage: flask_session_cookie_manager{2,3}.py encode [-h] -s <string> -t <string>

optional arguments:
  -h, --help            show this help message and exit
  -s <string>, --secret-key <string>
                        Secret key
  -t <string>, --cookie-structure <string>
                        Session cookie structure

Decode

usage: flask_session_cookie_manager{2,3}.py decode [-h] [-s <string>] -c <string>

optional arguments:
  -h, --help            show this help message and exit
  -s <string>, --secret-key <string>
                        Secret key
  -c <string>, --cookie-value <string>
                        Session cookie value

Examples

Encode

$ python{2,3} flask_session_cookie_manager{2,3}.py encode -s '.{y]tR&sp&77RdO~u3@XAh#TalD@Oh~yOF_51H(QV};K|ghT^d' -t '{"number":"326410031505","username":"admin"}'
eyJudW1iZXIiOnsiIGIiOiJNekkyTkRFd01ETXhOVEExIn0sInVzZXJuYW1lIjp7IiBiIjoiWVdSdGFXND0ifX0.DE2iRA.ig5KSlnmsDH4uhDpmsFRPupB5Vw

Note: the session cookie structure must be a valid Python dictionary.

Decode

With secret key:

$ python{2,3} flask_session_cookie_manager{2,3}.py decode -c 'eyJudW1iZXIiOnsiIGIiOiJNekkyTkRFd01ETXhOVEExIn0sInVzZXJuYW1lIjp7IiBiIjoiWVdSdGFXND0ifX0.DE2iRA.ig5KSlnmsDH4uhDpmsFRPupB5Vw' -s '.{y]tR&sp&77RdO~u3@XAh#TalD@Oh~yOF_51H(QV};K|ghT^d'
{u'username': 'admin', u'number': '326410031505'}

Without secret key (less pretty output):

$ python{2,3} flask_session_cookie_manager{2,3}.py decode -c 'eyJudW1iZXIiOnsiIGIiOiJNekkyTkRFd01ETXhOVEExIn0sInVzZXJuYW1lIjp7IiBiIjoiWVdSdGFXND0ifX0.DE2iRA.ig5KSlnmsDH4uhDpmsFRPupB5Vw'
{"number":{" b":"MzI2NDEwMDMxNTA1"},"username":{" b":"YWRtaW4="}}
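What the two decode modes above come down to, as an added example that is not part of the project's code: the payload is only base64url-encoded (optionally zlib-compressed) JSON, so it can be read without the key, while the key is needed only to check the trailing HMAC. The function names are hypothetical, and the signer settings (salt "cookie-session", HMAC-SHA1, HMAC key derivation) are assumed to be Flask's defaults.

```python
import base64
import hashlib
import hmac
import json
import zlib

# Cookie and secret key copied from the README examples above.
COOKIE = ("eyJudW1iZXIiOnsiIGIiOiJNekkyTkRFd01ETXhOVEExIn0sInVzZXJuYW1lIjp7"
          "IiBiIjoiWVdSdGFXND0ifX0.DE2iRA.ig5KSlnmsDH4uhDpmsFRPupB5Vw")
SECRET = ".{y]tR&sp&77RdO~u3@XAh#TalD@Oh~yOF_51H(QV};K|ghT^d"

def _b64url(s):
    # Flask strips the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _untag(obj):
    # Resolve the {" b": "<base64>"} tag Flask uses for bytes values.
    # Other tags (tuples, datetimes, ...) are left as they are.
    if isinstance(obj, dict):
        if len(obj) == 1 and " b" in obj:
            return base64.b64decode(obj[" b"])
        return {k: _untag(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [_untag(v) for v in obj]
    return obj

def read_payload(cookie):
    """Decode the session data without any key: it is signed, not encrypted."""
    payload, _timestamp, _signature = cookie.rsplit(".", 2)
    compressed = payload.startswith(".")  # leading '.' marks a zlib payload
    raw = _b64url(payload[1:] if compressed else payload)
    if compressed:
        raw = zlib.decompress(raw)
    return _untag(json.loads(raw))

def sign(value, secret_key):
    """HMAC-SHA1 over '<payload>.<timestamp>' with a key derived from the salt."""
    key = hmac.new(secret_key.encode(), b"cookie-session", hashlib.sha1).digest()
    mac = hmac.new(key, value.encode(), hashlib.sha1).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

def signature_ok(cookie, secret_key):
    """True only if the cookie was signed with secret_key and not altered."""
    value, signature = cookie.rsplit(".", 1)
    return hmac.compare_digest(sign(value, secret_key), signature)

if __name__ == "__main__":
    print(read_payload(COOKIE))
    print("signature valid:", signature_ok(COOKIE, SECRET))
```

Because anyone holding the cookie can read the payload, session data should never contain secrets, and the secret key has to be long, random and kept out of source control, since it is the only thing that prevents a client from minting its own session.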
