Tools: Pentest tools used in industry.
1. Flask-Unsign: A tool to forge flask session cookies Tool Github Link: https://github.com/Paradoxis/Flask-Unsign Author's official blog: https://blog.paradoxis.nl/defeating-flasks-session-management-65706ba9d3ce While reading this blog , i had a callback that while solving a HTB box i have seen this before but never tried it. So here it is. This tool can be used to manipulate stateless cookies, like FLask's session management and JWTs are not encrypted rather they are signed which means they are are easily readable and manipulable as long as secret is somehow known . Server accepts the data hash it with a secret and verify the signature it recevied against the signature it produced by hashing.If they match server allows the user to perform action, else not. flask-unsign one such tool which can get the cookie and try to guess the secret which have been used to sign the cookie using a wordlist. You can use either your own wordlist or creator's common se...