PHP
Sergey Vasiliev, 2021-09-18 18:48:15

How to get the session token from the received values?

Hello, I decided to decrypt Laravel cookies without actually using it. I looked at how they are decrypted in their file and wrote an analogue:

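function decrypt($payload = 'cookie')
{
    global $key; // raw encryption key
    // Decode the cookie into an array holding 'iv' and 'value'
    $payload = getJsonPayload($payload);
    $iv = base64_decode($payload['iv']);
    // 'value' is base64 ciphertext, so options = 0 lets OpenSSL decode it
    echo $decrypted = openssl_decrypt($payload['value'], 'AES-256-CBC', $key, 0, $iv);
}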


Everything seems to work, all the data that is encrypted in the database is thus decrypted with a bang. But when I try to decrypt cookies, I get the following story:
67e37f4b5c997344e6d31dfw36ce023260238be6|QxWrlAcjHN7hngfzJK4afyhnCleZaFR6QnafMjwF


I dug everything up; I don't understand what to do with these values. In theory, the result should be one value (remember_token):
bI3YAIr8pPeW4lWv1bZ1cSFTqhN3firZIdoFEZMUwNol4D42f7dGJAZfn0Qu

which is stored in the user database, but something goes wrong.

I understand that I am most likely doing a perversion and it would be easier to do it through Laravel, but still I will be very grateful for the help.

1 answer(s)
Gil Galad, 2021-09-23
@Gil Galad

According to src/Illuminate/Cookie/Middleware/EncryptCookies.php

"67e37f4b5c997344e6d31dfw36ce023260238be6|" === hash_hmac('sha1', $cookieName.'v2', $key).'|';

But! You want to get a remember_token, and it's randomly generated in src/Illuminate/Auth/SessionGuard.php. Unrelated data is shorter.
$user->setRememberToken($token = Str::random(60));
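
The prefix check the answer points to, as an added example (not part of the original answer and not Laravel's own code): it verifies the MAC that the question's decrypt() skips, then checks and strips the 41-character name-bound prefix before returning the cookie value. The key, cookie names and cookie value are constructed, and the MAC is assumed to be HMAC-SHA256 over the base64 IV concatenated with the encrypted value, as Laravel's Encrypter computes it.

```php
<?php
const CIPHER = 'aes-256-cbc';

// Prefix as quoted in the answer: SHA-1 HMAC of name.'v2' (40 hex chars) plus '|'.
function cookiePrefix(string $cookieName, string $key): string
{
    return hash_hmac('sha1', $cookieName . 'v2', $key) . '|';
}

// Builds a demo cookie in the same layout, so the example runs offline.
function sealCookie(string $cookieName, string $plain, string $key): string
{
    $iv = random_bytes(16);
    $value = openssl_encrypt(cookiePrefix($cookieName, $key) . $plain, CIPHER, $key, 0, $iv);
    $iv = base64_encode($iv);
    $mac = hash_hmac('sha256', $iv . $value, $key);
    return base64_encode(json_encode(compact('iv', 'value', 'mac')));
}

// Authenticates, decrypts, then checks and strips the per-cookie prefix.
function openCookie(string $cookieName, string $cookie, string $key): ?string
{
    $p = json_decode(base64_decode($cookie, true) ?: '', true);
    if (!is_array($p)) {
        return null; // not a base64-encoded JSON object
    }
    foreach (['iv', 'value', 'mac'] as $field) {
        if (!is_string($p[$field] ?? null)) {
            return null; // malformed payload
        }
    }
    if (!hash_equals(hash_hmac('sha256', $p['iv'] . $p['value'], $key), $p['mac'])) {
        return null; // tampered payload or wrong key
    }
    $plain = openssl_decrypt($p['value'], CIPHER, $key, 0, base64_decode($p['iv']));
    $prefix = cookiePrefix($cookieName, $key);
    if ($plain === false || strncmp($plain, $prefix, strlen($prefix)) !== 0) {
        return null; // value was issued under a different cookie name
    }
    return substr($plain, strlen($prefix)); // what the application actually stored
}

$key = str_repeat('k', 32);        // constructed 32-byte key, not a real APP_KEY
$sessionId = str_repeat('a', 40);  // constructed 40-character cookie value
$cookie = sealCookie('laravel_session', $sessionId, $key);

var_dump(openCookie('laravel_session', $cookie, $key) === $sessionId); // matching name
var_dump(openCookie('other_cookie', $cookie, $key));                   // mismatched name
```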
