DEVHIDE
Login Or Sign up

Decrypt Rail 4 session cookie from websocket thread

507 Views Asked by At

Rails 4.1.8, ruby 2.1.5p273

I try to get session id from inside EventMachine::WebSocket thread.

session and cookie objects are not avaible here, so it need to manually decrypt cookie from websocket handshake headers. Cookie is smth like this:

SFRRZHJGZUtMQnZPeFd2QktjTVc0bVdDQUkvbjhueVczTFpZdG9Ed1ozMGN1dzFjVXhOZGwvOUJLTlZqd29hMDVha3lEN0hleUZtZDZjN2NCa3lIQ0FsWHFoMVQ0SytaV1U0UHc0emo4L2pNUC9MVVNVQVR4c01JS1FmUS9DejRkN3p4cmVEMXROS1NEZk1uNDcvbXF2VEhzMHMyVEZPZytIMDR0aDd3YUZnPS0tZENYRFVzL1psS0hZRFA5M0l4WGZuZz09--2ed3a27ad19bd19bd3b5bf12d164b53665d5323e

I've tried this and this variants, but both failed

First way:

arr = handshake.headers['Cookie'].split ';'
cookies = {}
arr.each do |rec|
  key,value = rec.split '='
  cookies[key.strip] = value.strip
end
rack_cookie = Rack::Session::Cookie.new(App, { # App name changed
      :key => Rails.application.config.session_options[:key],
      :path => '/',
      :expire_after => 2592000, #30 days
      :secret => Rails.application.secrets.secret_key_base,
      :coder => Rack::Session::Cookie::Base64.new
  })
sess = cookies[Rails.application.config.session_options[:key]]
return rack_cookie.coder.decode(Rack::Utils.unescape(sess.split('--').first))

Got string like this:

muHBVeeYknNJyb43HpVC3lnlDwJ+rC2NGFtBM2y4Nzu6qA+D1sNkmnQY4nRTJx1kl0znz1kkupGFe/ilRjAg1eJNaxFPJhVmBrkp+TBwu38R7+igGj2edkYkFBCandq9XuFn3ILFYwvszMV6iVc0Z2Ftfg6lyIwPfLi5UJMJM3E=--ZIy+dc//zwk/zs3qsaq9vQ==

When I try to Marshal.load this string, get error:

TypeError: incompatible marshal file format (can't be read)
        format version 4.8 required; 109.117 given

Second way:

message = URI.unescape sess # sess from prevois code block, btw sess == message
config = Rails.application.config

key_generator = ActiveSupport::KeyGenerator.new(
  Rails.application.secrets.secret_key_base, iterations: 1000
)
secret = key_generator.generate_key(
  config.action_dispatch.encrypted_cookie_salt
)
sign_secret = key_generator.generate_key(
  config.action_dispatch.encrypted_signed_cookie_salt
)

encryptor = ActiveSupport::MessageEncryptor.new(
  secret, sign_secret
)

encryptor.decrypt_and_verify message

Get this error:

ActiveSupport::MessageEncryptor::InvalidMessage: ActiveSupport::MessageEncryptor::InvalidMessage

How to decrypt this cookie?

session ruby-on-rails-4 cookies encryption em-websocket
Original Q&A
1

There are 1 best solutions below

0
Djunzu On

Change

ActiveSupport::MessageEncryptor.new(secret, sign_secret)

to

ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON)

It should work (with default configurations).

Source: https://gist.github.com/madwork/858316306a3ebe54a54f

Related Questions in SESSION

Related Questions in RUBY-ON-RAILS-4

Related Questions in COOKIES

Related Questions in ENCRYPTION

Related Questions in EM-WEBSOCKET

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.