Hacking Flask Session Cookie

S12 - H4CK
4 min read · Oct 2, 2022

Introduction

The cookie used to store session data is known as the session cookie. Flask signs the session cookie, which means that anyone can view the contents of the cookie, but nobody can modify it unless they have the secret key used to sign it.

Source: https://overiq.com/flask-101/sessions-in-flask/

Cookie Format

eyJsb2dnZWRfaW4iOnRydWUsInVzZXJuYW1lIjoic2Fsc2EifQ.YyhE4w.9zyLlE4V6ZM8XCHzzFU9jyV9h4g

Is a Flask Session Cookie a JWT?

No. They appear to share the same syntax, but they are not the same thing. The confusion arises because jwt.io can decode a Flask session cookie; once decoded, however, you can see that the structure is different.
The big difference between JWT and Flask is that a Flask cookie stores both the signature and the user information on the client side, inside the cookie itself.
With JWT you can choose where to store it.
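To make the points above concrete (anyone can read the cookie, only the key holder can produce a valid signature, and the three dot-separated parts are not a JWT header/payload/signature), here is an added example that is not code from the original post. It re-implements, in plain Python without Flask installed, the itsdangerous URLSafeTimedSerializer scheme Flask uses for session cookies (fixed salt `cookie-session`, HMAC key derivation, SHA-1), splits the cookie quoted in the post into payload, timestamp and signature, and shows a verifier a defender can use to check that a cookie was really signed with the configured key and is not older than the session lifetime. The secret key `constructed-key` and the round-trip data are constructed for the example.

```python
"""Parse, decode and verify a Flask session cookie without Flask installed.

Added example (not the post's code). Re-implements the itsdangerous
URLSafeTimedSerializer scheme Flask uses: salt "cookie-session",
"hmac" key derivation, SHA-1 digests, URL-safe base64 without padding.
"""
import base64
import hashlib
import hmac
import json
import time
import zlib

SALT = b"cookie-session"  # Flask's fixed salt for the session serializer


def b64_encode(raw: bytes) -> str:
    # itsdangerous style: URL-safe base64 with the '=' padding stripped
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64_decode(text: str) -> bytes:
    data = text.encode("ascii")
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def split_cookie(cookie: str):
    """Return (payload, timestamp, signature).

    A zlib-compressed payload is prefixed with '.', so split from the
    right instead of on every dot.
    """
    payload, ts, sig = cookie.rsplit(".", 2)
    return payload, ts, sig


def decode_payload(payload: str) -> dict:
    """Readable by anyone: no key is involved in this step."""
    compressed = payload.startswith(".")
    raw = b64_decode(payload[1:] if compressed else payload)
    if compressed:
        raw = zlib.decompress(raw)
    return json.loads(raw)


def decode_timestamp(ts: str) -> int:
    """Unix time at which the cookie was signed (big-endian, minimal bytes)."""
    return int.from_bytes(b64_decode(ts), "big")


def _signature(secret_key: bytes, signed_value: str) -> str:
    # "hmac" key derivation: HMAC-SHA1(secret_key, salt) gives the signing key,
    # then HMAC-SHA1(signing_key, "payload.timestamp") is the signature.
    derived = hmac.new(secret_key, SALT, hashlib.sha1).digest()
    mac = hmac.new(derived, signed_value.encode("ascii"), hashlib.sha1)
    return b64_encode(mac.digest())


def verify(cookie: str, secret_key, max_age=None, now=None) -> bool:
    """True only if the signature matches this key and the cookie is not expired."""
    if isinstance(secret_key, str):
        secret_key = secret_key.encode("utf-8")
    try:
        payload, ts, sig = split_cookie(cookie)
    except ValueError:  # fewer than three parts: not a Flask session cookie
        return False
    expected = _signature(secret_key, f"{payload}.{ts}")
    if not hmac.compare_digest(expected, sig):
        return False
    if max_age is not None:
        now = int(time.time()) if now is None else now
        if now - decode_timestamp(ts) > max_age:
            return False
    return True


def sign_session(data: dict, secret_key, timestamp=None) -> str:
    """Build a cookie the way Flask does, to show the round trip in tests."""
    if isinstance(secret_key, str):
        secret_key = secret_key.encode("utf-8")
    raw = json.dumps(data, separators=(",", ":")).encode("utf-8")
    compressed = zlib.compress(raw)
    if len(compressed) < len(raw) - 1:  # compress only when it actually pays off
        payload = "." + b64_encode(compressed)
    else:
        payload = b64_encode(raw)
    ts_int = int(time.time()) if timestamp is None else timestamp
    ts = b64_encode(ts_int.to_bytes((ts_int.bit_length() + 7) // 8, "big"))
    value = f"{payload}.{ts}"
    return f"{value}.{_signature(secret_key, value)}"


if __name__ == "__main__":
    # The cookie quoted in the post: its contents are readable without any key.
    cookie = ("eyJsb2dnZWRfaW4iOnRydWUsInVzZXJuYW1lIjoic2Fsc2EifQ"
              ".YyhE4w.9zyLlE4V6ZM8XCHzzFU9jyV9h4g")
    payload, ts, sig = split_cookie(cookie)
    print(decode_payload(payload), decode_timestamp(ts))
    # Constructed key: fails, since the post's cookie was signed with a different key.
    print(verify(cookie, "constructed-key"))
```

Running the script prints `{'logged_in': True, 'username': 'salsa'}` for the post's cookie, which is the whole point of the "signed, not encrypted" distinction: the payload is the session dictionary in plain JSON, and the only thing the server trusts is the HMAC over `payload.timestamp`. In a review or incident, `verify()` with the application's real `SECRET_KEY` and its `PERMANENT_SESSION_LIFETIME` as `max_age` tells you whether a captured cookie was issued by that server and is still valid.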

Laboratory

The lab we will use is a HackTheBox machine called Noter.
We will also use a tool called flask-unsign.

I think flask-unsign comes preinstalled only in Parrot OS; in Kali Linux I don't have it. To install it you only need to run this command:
