Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
flask-session-cookie-manager
Advanced tools
- Maintainers
- 1
Flask Session Cookie Decoder/Encoder
Original author : Wilson Sumanang
Fixes and improvements author : Alexandre ZANNI
Imported from saruberoz.github.io
Depencencies
- Python 2 or Python 3
- itsdangerous
- Flask
Installation
ArchLinux
Python 3
# pacman -S python
# pacman -S python-itsdangerous python-flask --asdep
Python 2
# pacman -S python2
# pacman -S python2-itsdangerous python2-flask --asdep
Other distros
Find your way with your package manager, use pip in a virtual environment or use pyenv.
Usage
Use flask_session_cookie_manager3.py with Python 3 and flask_session_cookie_manager2.py with Python 2.
usage: flask_session_cookie_manager{2,3}.py [-h] {encode,decode} ...
Flask Session Cookie Decoder/Encoder
positional arguments:
{encode,decode} sub-command help
encode encode
decode decode
optional arguments:
-h, --help show this help message and exit
Encode
usage: flask_session_cookie_manager{2,3}.py encode [-h] -s <string> -t <string>
optional arguments:
-h, --help show this help message and exit
-s <string>, --secret-key <string>
Secret key
-t <string>, --cookie-structure <string>
Session cookie structure
Decode
usage: flask_session_cookie_manager.py decode [-h] [-s <string>] -c <string>
optional arguments:
-h, --help show this help message and exit
-s <string>, --secret-key <string>
Secret key
-c <string>, --cookie-value <string>
Session cookie value
Examples
Encode
$ python{2,3} flask_session_cookie_manager{2,3}.py encode -s '.{y]tR&sp&77RdO~u3@XAh#TalD@Oh~yOF_51H(QV};K|ghT^d' -t '{"number":"326410031505","username":"admin"}'
eyJudW1iZXIiOnsiIGIiOiJNekkyTkRFd01ETXhOVEExIn0sInVzZXJuYW1lIjp7IiBiIjoiWVdSdGFXND0ifX0.DE2iRA.ig5KSlnmsDH4uhDpmsFRPupB5Vw
Note: the session cookie structure must be a valid python dictionary
Decode
With secret key:
$ python{2,3} flask_session_cookie_manager{2,3}.py decode -c 'eyJudW1iZXIiOnsiIGIiOiJNekkyTkRFd01ETXhOVEExIn0sInVzZXJuYW1lIjp7IiBiIjoiWVdSdGFXND0ifX0.DE2iRA.ig5KSlnmsDH4uhDpmsFRPupB5Vw' -s '.{y]tR&sp&77RdO~u3@XAh#TalD@Oh~yOF_51H(QV};K|ghT^d'
{u'username': 'admin', u'number': '326410031505'}
Without secret key (less pretty output):
$ python{2,3} flask_session_cookie_manager{2,3}.py decode -c 'eyJudW1iZXIiOnsiIGIiOiJNekkyTkRFd01ETXhOVEExIn0sInVzZXJuYW1lIjp7IiBiIjoiWVdSdGFXND0ifX0.DE2iRA.ig5KSlnmsDH4uhDpmsFRPupB5Vw'
{"number":{" b":"MzI2NDEwMDMxNTA1"},"username":{" b":"YWRtaW4="}}
Keywords
FAQs
simple Python script to deal with Flask session cookie
We found that flask-session-cookie-manager demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024