CTF

Flask web applications are clever beasts, storing session data client-side in cookies. It’s convenient for developers, but it can also be a security rabbit hole if you’re not careful. That’s why I put together FlaskOfCookies, a tool to help you decode, encode, and (if necessary) brute-force Flask session cookies. To be clear, this isn’t entirely my invention. It started because I hit a wall on a Root-Me challenge, I couldn’t get it done with noraj’s tool (props to Alexandre Zanni for his great work). So, I decided to rework it, adding my own spin to tackle the issue. This tool is for anyone who’s curious about Flask’s session cookies, whether you’re debugging, testing, or just poking around. ...