Class: Ronin::Web::SessionCookie::Django
Defined in: lib/ronin/web/session_cookie/django.rb
Overview
Represents a Django signed session cookie (JSON or Pickle serialized).
Examples
Parse a Django JSON session cookie:
Ronin::Web::SessionCookie.parse('sessionid=eyJmb28iOiJiYXIifQ:1pQcTx:UufiSnuPIjNs7zOAJS0UpqnyvRt7KET7BVes0I8LYbA')
# =>
# #<Ronin::Web::SessionCookie::Django:0x00007f29bb9c6b70
# @hmac=
# "R\xE7\xE2J{\x8F\"3l\xEF3\x80%-\x14\xA6\xA9\xF2\xBD\e{(D\xFB\x05W\xAC\xD0\x8F\va\xB0",
# @params={"foo"=>"bar"},
# @salt=1676070425>
Parse a Django Pickled session cookie:
Ronin::Web::SessionCookie.parse('sessionid=gAWVEAAAAAAAAAB9lIwDZm9vlIwDYmFylHMu:1pQcay:RjaK8DKN4xXQ_APIXXWEyFS08Q-PGo6UlRBFpedFk9M')
# =>
# #<Ronin::Web::SessionCookie::Django:0x00007f29b7aa6dc8
# @hmac=
# "F6\x8A\xF02\x8D\xE3\x15\xD0\xFC\x03\xC8]u\x84\xC8T\xB4\xF1\x0F\x8F\x1A\x8E\x94\x95\x10E\xA5\xE7E\x93\xD3",
# @params={"foo"=>"bar"},
# @salt=1676070860>
Constant Summary
- REGEXP = /\A(?:sessionid=)?#{URL_SAFE_BASE64_REGEXP}:#{URL_SAFE_BASE64_REGEXP}:#{URL_SAFE_BASE64_REGEXP}\z/
  Regular expression to match Django session cookies.
Constants inherited from Cookie
Cookie::STRICT_BASE64_REGEXP, Cookie::URI_ENCODED_BASE64_REGEXP, Cookie::URL_SAFE_BASE64_REGEXP
Instance Attribute Summary
- #hmac ⇒ String (readonly)
  The SHA256 HMAC of the Base64 encoded serialized Cookie#params.
- #salt ⇒ Integer (readonly)
  The salt used to sign the cookie.
Attributes inherited from Cookie
Class Method Summary
- .extract(response) ⇒ Django?
  Extracts the Django session cookie from the HTTP response.
- .identify?(string) ⇒ Boolean
  Identifies if the cookie is a Django session cookie.
- .parse(string) ⇒ Django
  Parses a Django session cookie.
Instance Method Summary
- #initialize(params, salt, hmac) ⇒ Django (constructor, private)
  Initializes the Django cookie.
Methods inherited from Cookie
Constructor Details
#initialize(params, salt, hmac) ⇒ Django
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Initializes the Django cookie.
# File 'lib/ronin/web/session_cookie/django.rb', line 85
def initialize(params,salt,hmac)
  super(params)

  @salt = salt
  @hmac = hmac
end
Instance Attribute Details
#hmac ⇒ String (readonly)
The SHA256 HMAC of the Base64 encoded serialized Cookie#params.
# File 'lib/ronin/web/session_cookie/django.rb', line 69
def hmac
  @hmac
end
#salt ⇒ Integer (readonly)
The salt used to sign the cookie.
# File 'lib/ronin/web/session_cookie/django.rb', line 62
def salt
  @salt
end
Class Method Details
.extract(response) ⇒ Django?
Extracts the Django session cookie from the HTTP response.
# File 'lib/ronin/web/session_cookie/django.rb', line 156
def self.extract(response)
  if (set_cookie = response['Set-Cookie'])
    cookie = set_cookie.split(';',2).first

    if identify?(cookie)
      return parse(cookie)
    end
  end
end
.identify?(string) ⇒ Boolean
Identifies if the cookie is a Django session cookie.
# File 'lib/ronin/web/session_cookie/django.rb', line 107
def self.identify?(string)
  string =~ REGEXP
end
.parse(string) ⇒ Django
Parses a Django session cookie.
# File 'lib/ronin/web/session_cookie/django.rb', line 122
def self.parse(string)
  # remove any 'sessionid' prefix.
  string = string.sub(/\Asessionid=/,'')

  # split the cookie
  params, salt, hmac = string.split(':',3)

  params = Support::Encoding::Base64.decode(params, mode: :url_safe)
  params = if params.start_with?('{') && params.end_with?('}')
             # JSON serialized cookie
             JSON.parse(params)
           else
             # unpickle the Python Pickle serialized session cookie
             Python::Pickle.load(params)
           end

  salt = Support::Encoding::Base62.decode(salt)
  hmac = Support::Encoding::Base64.decode(hmac, mode: :url_safe)

  return new(params,salt,hmac)
end
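Added example (not part of ronin-web-session_cookie): a standard-library-only triage of the two sample cookies from the Examples section. It shows that the payload and signing time can be read without the secret key, and it flags non-JSON serializers for review. `triage_django_cookie`, `DJANGO_SHAPE` and the `needs_review` rule are assumptions made for this example. The Base62 middle field, which this class exposes as `salt`, is the Unix timestamp that Django's timestamp signer appends.

```ruby
require 'json'

# Django's Base62 alphabet: digits, then upper-case, then lower-case letters.
BASE62 = [*'0'..'9', *'A'..'Z', *'a'..'z'].join.freeze

# Constructed pattern with the same three-field shape as REGEXP on this page.
DJANGO_SHAPE = /\A(?:sessionid=)?([A-Za-z0-9_-]+):([0-9A-Za-z]+):([A-Za-z0-9_-]+)\z/

def base62_decode(string)
  string.each_char.reduce(0) { |n, c| (n * 62) + BASE62.index(c) }
end

# URL-safe Base64 decode; lenient 'm' unpacking tolerates the stripped padding.
def urlsafe_b64decode(string)
  string.tr('-_', '+/').unpack1('m')
end

# Hypothetical triage helper: decodes the cookie's fields without the signing
# key and without verifying the signature. Returns nil for non-Django input.
def triage_django_cookie(cookie)
  fields = DJANGO_SHAPE.match(cookie) or return nil

  payload = urlsafe_b64decode(fields[1])
  hmac    = urlsafe_b64decode(fields[3])

  serializer, params =
    if payload.start_with?('{') && payload.end_with?('}')
      [:json, JSON.parse(payload.dup.force_encoding(Encoding::UTF_8))]
    elsif payload.getbyte(0) == 0x80 # pickle PROTO opcode (protocol 2+)
      [:pickle, nil]                 # identified only, never deserialized here
    else
      [:unknown, nil]
    end

  { serializer: serializer, params: params,
    signed_at: Time.at(base62_decode(fields[2])).utc,
    hmac_bytes: hmac.bytesize,
    # Assumed review rule: anything other than JSON with a 32-byte SHA256 HMAC.
    needs_review: serializer != :json || hmac.bytesize != 32 }
rescue JSON::ParserError
  nil # brace-delimited payload that is not valid JSON
end

# The two sample cookies shown in the Examples section of this page.
JSON_COOKIE   = 'sessionid=eyJmb28iOiJiYXIifQ:1pQcTx:UufiSnuPIjNs7zOAJS0UpqnyvRt7KET7BVes0I8LYbA'
PICKLE_COOKIE = 'sessionid=gAWVEAAAAAAAAAB9lIwDZm9vlIwDYmFylHMu:1pQcay:RjaK8DKN4xXQ_APIXXWEyFS08Q-PGo6UlRBFpedFk9M'

[JSON_COOKIE, PICKLE_COOKIE].each { |c| p triage_django_cookie(c) }
```

Because the payload is signed rather than encrypted, anything the application stores in the session is visible to whoever holds the cookie.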