537a8a111f
* flask-unsign: add page * Update pages/common/flask-unsign.md Co-authored-by: Fazle Arefin <fazlearefin@users.noreply.github.com> * Update pages/common/flask-unsign.md Co-authored-by: Fazle Arefin <fazlearefin@users.noreply.github.com> * Update pages/common/flask-unsign.md Co-authored-by: Fazle Arefin <fazlearefin@users.noreply.github.com> * Update pages/common/flask-unsign.md Co-authored-by: Fazle Arefin <fazlearefin@users.noreply.github.com> --------- Co-authored-by: Fazle Arefin <fazlearefin@users.noreply.github.com>
1.3 KiB
flask-unsign
A tool to brute-force, decode and craft
Flasksession cookies. More information: https://github.com/Paradoxis/Flask-Unsign.
- Decode a Flask session cookie:
flask-unsign {{[-d|--decode]}} {{[-c|--cookie]}} {{cookie}}
- Decode a session cookie fetched from a URL which returns a
Set-Cookieheader:
flask-unsign {{[-d|--decode]}} --server {{URL}}
- Brute-force a secret key using the default flask-unsign-wordlist (requires
flask-unsign-wordlist):
flask-unsign {{[-u|--unsign]}} {{[-c|--cookie]}} {{cookie}}
- Brute-force a secret key with a custom wordlist (use
--no-literal-evalfor unquoted entries):
flask-unsign {{[-u|--unsign]}} {{[-c|--cookie]}} {{cookie}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}}
- Sign a new session cookie with a secret key:
flask-unsign {{[-s|--sign]}} {{[-c|--cookie]}} {{"{'logged_in': False}"}} {{[-S|--secret]}} {{secret}}
- Sign a session cookie using legacy timestamp (useful for old versions):
flask-unsign {{[-s|--sign]}} {{[-c|--cookie]}} {{"{'logged_in': False}"}} {{[-S|--secret]}} {{secret}} {{[-l|--legacy]}}
- Brute-force a session cookie with custom threads and no literal evaluation:
flask-unsign {{[-u|--unsign]}} {{[-c|--cookie]}} {{cookie}} {{[-w|--wordlist]}} {{path/to/wordlist.txt}} {{[-t|--threads]}} {{threads}} {{[-nE|--no-literal-eval]}}