Home / Decoder / Encoder / Flask / Flask-Session-Cookie-Manager / Offensive Security / Python / Python3 / Flask-Session-Cookie-Manager - Flask Session Cookie Decoder/Encoder

Flask-Session-Cookie-Manager - Flask Session Cookie Decoder/Encoder

| Post sponsored by FaradaySEC | Multiuser Pentest Environment

 Flask Session Cookie Decoder/Encoder

Depencencies

Installation

BlackArch Linux
# pacman -S flask-session-cookie-manager{3,2}

Git

ArchLinux
Both python3 etn python2:
$ git clone https://github.com/noraj/flask-session-cookie-manager.git && cd flask-session-cookie-manager
# makepkg -sic

Other distros
Find your way with your package manager, use pip in a virtual environment or use pyenv.
Eg.
$ git clone https://github.com/noraj/flask-session-cookie-manager.git && cd flask-session-cookie-manager
$ python -m venv venv
$ source venv/bin/activate
$ python setup.py install

Usage
Use flask_session_cookie_manager3.py with Python 3 and flask_session_cookie_manager2.py with Python 2.
usage: flask_session_cookie_manager{2,3}.py [-h] {encode,decode} ...

Flask Session Cookie Decoder/Encoder

positional arguments:
  {encode,decode}  sub-command help
    encode         encode
    decode         decode

optional arguments:
  -h, --help       show this help message and exit

Encode
usage: flask_session_cookie_manager{2,3}.py encode [-h] -s <string> -t <string>

optional arguments:
  -h, --help            show this help message and exit
  -s <string>, --secret-key <string>
                        Secret key
  -t <string>, --cookie-structure <string>
                        Session cookie structure

Decode
usage: flask_session_cookie_manager.py decode [-h] [-s <string>] -c <string>

optional arguments:
  -h, --help            show this help message and exit
  -s <string>, --secret-key <string>
                        Secret key
  -c <string>, --cookie-value <string>
                        Session cookie value

Examples

Encode
$ python{2,3} flask_session_cookie_manager{2,3}.py encode -s '.{y]tR&sp&77RdO~u3@XAh#TalD@Oh~yOF_51H(QV};K|ghT^d' -t '{"number":"326410031505","username":"admin"}'
eyJudW1iZXIiOnsiIGIiOiJNekkyTkRFd01ETXhOVEExIn0sInVzZXJuYW1lIjp7IiBiIjoiWVdSdGFXND0ifX0.DE2iRA.ig5KSlnmsDH4uhDpmsFRPupB5Vw
Note: the session cookie structure must be a valid python dictionary

Decode
With secret key:
$ python{2,3} flask_session_cookie_manager{2,3}.py decode -c 'eyJudW1iZXIiOnsiIGIiOiJNekkyTkRFd01ETXhOVEExIn0sInVzZXJuYW1lIjp7IiBiIjoiWVdSdGFXND0ifX0.DE2iRA.ig5KSlnmsDH4uhDpmsFRPupB5Vw' -s '.{y]tR&sp&77RdO~u3@XAh#TalD@Oh~yOF_51H(QV};K|ghT^d'
{u'username': 'admin', u'number': '326410031505'}
Without secret key (less pretty output):
$ python{2,3} flask_session_cookie_manager{2,3}.py decode -c 'eyJudW1iZXIiOnsiIGIiOiJNekkyTkRFd01ETXhOVEExIn0sInVzZXJuYW1lIjp7IiBiIjoiWVdSdGFXND0ifX0.DE2iRA.ig5KSlnmsDH4uhDpmsFRPupB5Vw'
{"number":{" b":"MzI2NDEwMDMxNTA1"},"username":{" b":"YWRtaW4="}}

Original author : Wilson Sumanang
Fixes and improvements author : Alexandre ZANNI
Imported from saruberoz.github.io


Flask-Session-Cookie-Manager - Flask Session Cookie Decoder/Encoder Flask-Session-Cookie-Manager - Flask Session Cookie Decoder/Encoder Reviewed by Zion3R on 5:30 PM Rating: 5