Now that the app is running, let's go hacking!
Let's log in with admin/admin:
Once we log in, we see an API key.
Let's have a look at the source code:
We can see that the cookie session secret is exposed. Now we can try to recreate the application's cookie implementation so that we can craft our own cookie and bypass the authentication.
We can start building our malicious server.
Save the snippet above to evil_server.py and run the commands below to install some dependencies. Of course, you can also run your app on whatever service you want; it does not have to be Python Flask.
Save the following snippet into /templates/evil.html:
We are ready to start our server:
Now we can replace our original cookie with the tampered cookie.
Send the request again:
Now that the app is running, let's go hacking!
Let's log in with admin/admin.
Once we log in, we see an API key.
Let's have a look at the source code:
We can see that the cookie session secret is exposed. Now we can try to recreate the application's cookie implementation so that we can craft our own cookie and bypass the authentication.
We can start building our malicious server.
Save the snippet above to evil_server.js and run the commands below to install some dependencies. Of course, you can also run your app on whatever service you want; it does not have to be Node.js Express.
Save the following snippet into /views/evil.js:
We are ready to start our server:
Now we can replace our original cookie with the tampered cookie.
Refresh the page:
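The root cause both walkthroughs rely on is a session secret hardcoded in the application source. As an added example (not part of the lab's code), the Python check below parses a Flask source file and flags signing keys assigned from string literals. It covers the Flask variant only; the two sample apps and the `SESSION_SECRET` variable name are constructed for illustration.

```python
import ast

# Flask's documented names for the session-signing key.
SECRET_NAMES = {"secret_key", "SECRET_KEY"}

def _is_literal(node):
    """True for a string or bytes literal, i.e. a value committed to source."""
    return isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes))

def _target_name(node):
    """Name an assignment target refers to, or None if it is not a simple name."""
    if isinstance(node, ast.Attribute):      # app.secret_key = ...
        return node.attr
    if isinstance(node, ast.Name):           # SECRET_KEY = ... in a config module
        return node.id
    if isinstance(node, ast.Subscript) and _is_literal(node.slice):
        return node.slice.value              # app.config["SECRET_KEY"] = ... (Python 3.9+ AST)
    return None

def find_hardcoded_secrets(source):
    """Return sorted (line, name) pairs for secrets set from a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and _is_literal(node.value):
            names = [_target_name(t) for t in node.targets]
        elif isinstance(node, ast.Call):     # app.config.update(SECRET_KEY="...")
            names = [kw.arg for kw in node.keywords if _is_literal(kw.value)]
        else:
            continue
        findings += [(node.lineno, n) for n in names if n in SECRET_NAMES]
    return sorted(findings)

# Constructed sample: secret committed to source, readable by anyone with the code.
VULNERABLE = '''
from flask import Flask
app = Flask(__name__)
app.config["SECRET_KEY"] = "constructed-example-secret"
'''

# Constructed sample: secret injected at deploy time (variable name is an assumption).
HARDENED = '''
import os
from flask import Flask
app = Flask(__name__)
app.secret_key = os.environ["SESSION_SECRET"]
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, find_hardcoded_secrets(src))
```

A finding means the key must be treated as compromised: rotate it, which invalidates every cookie signed with the old value, and load the new one from the environment or a secret store.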