Laravel
cadaver, 2019-09-30 15:56:04

How to exclude Base64-encoded data in parameter in Laravel?

The security guards, having scanned through Burp Suite Professional, found fault with the fact that
The following parameters appear to contain Base64-encoded data:

XSRF-TOKEN = {"iv":"blablabla","value":"blablabla","mac":"blablabla"}...
laravel_session = {"iv":"blablabla","value":"blablabla","mac":"blablabla"}

Issue background
Applications sometimes Base64-encode parameters in an attempt to obfuscate them from users or facilitate transport of binary data. The presence of Base64-encoded data may indicate security-sensitive information or functionality that is worthy of further investigation. The data should be reviewed to determine whether it contains any interesting information, or provides any additional entry points for malicious input.


2 answer(s)
synapse_people, 2019-09-30
@synapse_people

you can xor this line and unxor it when needed
:)

JhaoDa, 2019-09-30
@JhaoDa

If these so-called “safeguards” are ready for dialogue, then explain that there is no need to panic in any way - this is, in fact, just compression.
If you are not ready, which often happens, then write your own session handler and csrf tokens.
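
An added example, not part of the thread or of Laravel's own code: the flagged values are Base64 over the JSON envelope shown in the question, which Laravel's cookie encryption produces, and this triage script confirms that shape and, given the key, checks the MAC. It assumes the default AES-CBC cipher with an HMAC-SHA256 over the Base64 `iv` and `value` strings; `inspect_laravel_cookie` and `make_sample` are hypothetical names and the sample data is constructed.

```python
import base64, binascii, hashlib, hmac, json
from urllib.parse import unquote

def inspect_laravel_cookie(cookie, app_key=None):
    """Triage a flagged cookie value (hypothetical helper, not a Laravel API).

    app_key: raw key bytes (the decoded part after "base64:" in APP_KEY).
    """
    report = {"laravel_envelope": False, "iv_bytes": None,
              "ciphertext_bytes": None, "mac_valid": None}
    try:
        # Cookies arrive URL-encoded, so "=" padding shows up as %3D.
        payload = json.loads(base64.b64decode(unquote(cookie), validate=True))
        iv = base64.b64decode(payload["iv"], validate=True)
        ct = base64.b64decode(payload["value"], validate=True)
        mac = payload["mac"]
    except (binascii.Error, ValueError, KeyError, TypeError):
        return report  # not Base64(JSON{iv,value,mac}); review by hand
    report["iv_bytes"], report["ciphertext_bytes"] = len(iv), len(ct)
    # AES-CBC: 16-byte IV, ciphertext in whole 16-byte blocks; mac is hex SHA-256.
    mac_ok_shape = isinstance(mac, str) and len(mac) == 64 and \
        all(c in "0123456789abcdef" for c in mac)
    report["laravel_envelope"] = (len(iv) == 16 and len(ct) > 0
                                  and len(ct) % 16 == 0 and mac_ok_shape)
    if report["laravel_envelope"] and app_key is not None:
        # Assumed MAC construction: HMAC-SHA256 over the Base64 strings iv + value.
        expected = hmac.new(app_key, (payload["iv"] + payload["value"]).encode(),
                            hashlib.sha256).hexdigest()
        report["mac_valid"] = hmac.compare_digest(expected, mac)
    return report

def make_sample(app_key):
    """Constructed sample envelope; the 'ciphertext' is filler, not real data."""
    iv = base64.b64encode(bytes(range(16))).decode()
    value = base64.b64encode(bytes(32)).decode()
    mac = hmac.new(app_key, (iv + value).encode(), hashlib.sha256).hexdigest()
    body = json.dumps({"iv": iv, "value": value, "mac": mac})
    return base64.b64encode(body.encode()).decode()

if __name__ == "__main__":
    key = b"K" * 32  # constructed key, not a real APP_KEY
    print(inspect_laravel_cookie(make_sample(key), key))
    print(inspect_laravel_cookie("aGVsbG8="))  # plain Base64 text: not an envelope
```

A value that fails the envelope check is the case the Burp issue text is about: Base64 over readable or attacker-influenced data, which needs manual review.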
