Class: Ronin::Web::SessionCookie::Rack

Inherits:
Cookie
  • Object
Defined in:
lib/ronin/web/session_cookie/rack.rb

Overview

Represents a Rack session cookie.

Examples

Ronin::Web::SessionCookie.parse('rack.session=BAh7CEkiD3Nlc3Npb25faWQGOgZFVG86HVJhY2s6OlNlc3Npb246OlNlc3Npb25JZAY6D0BwdWJsaWNfaWRJIkUyYWJkZTdkM2I0YTMxNDE5OThiYmMyYTE0YjFmMTZlNTNlMWMzYWJlYzhiYzc4ZjVhMGFlMGUwODJmMjJlZGIxBjsARkkiCWNzcmYGOwBGSSIxNHY1TmRCMGRVaklXdjhzR3J1b2ZhM2xwNHQyVGp5ZHptckQycjJRWXpIZz0GOwBGSSINdHJhY2tpbmcGOwBGewZJIhRIVFRQX1VTRVJfQUdFTlQGOwBUSSItOTkxNzUyMWYzN2M4ODJkNDIyMzhmYmI5Yzg4MzFmMWVmNTAwNGQyYwY7AEY%3D--02184e43850f38a46c8f22ffb49f7f22be58e272')
# =>
# #<Ronin::Web::SessionCookie::Rack:0x00007ff67455ee30
#  @params=
#   {"session_id"=>"2abde7d3b4a3141998bbc2a14b1f16e53e1c3abec8bc78f5a0ae0e082f22edb1",
#    "csrf"=>"4v5NdB0dUjIWv8sGruofa3lp4t2TjydzmrD2r2QYzHg=",
#    "tracking"=>{"HTTP_USER_AGENT"=>"9917521f37c882d42238fbb9c8831f1ef5004d2c"}}>

Constant Summary

REGEXP =

Regular expression to match Rack session cookies.

/\A(rack\.session=)?(?:#{STRICT_BASE64_REGEXP}|#{URI_ENCODED_BASE64_REGEXP})--[0-9a-f]{40}\z/

Constants inherited from Cookie

Cookie::STRICT_BASE64_REGEXP, Cookie::URI_ENCODED_BASE64_REGEXP, Cookie::URL_SAFE_BASE64_REGEXP

Instance Attribute Summary

Attributes inherited from Cookie

#params

Class Method Summary

Instance Method Summary

Methods inherited from Cookie

#[], #each, #has_key?, #to_h

Constructor Details

#initialize(params, hmac) ⇒ Rack

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes the parsed Rack session cookie.

Parameters:

  • params (Hash{String => Object})

    The parsed params for the session cookie.

  • hmac (String)

    The HMAC for the serialized and Base64 encoded session cookie.



# File 'lib/ronin/web/session_cookie/rack.rb', line 63

def initialize(params,hmac)
  super(params)

  @hmac = hmac
end

Instance Attribute Details

#hmac ⇒ String (readonly)

The HMAC for the serialized and Base64 encoded session cookie.

Returns:

  • (String)


# File 'lib/ronin/web/session_cookie/rack.rb', line 50

def hmac
  @hmac
end

Class Method Details

.extract(response) ⇒ Rack?

Extracts the Rack session cookie from the HTTP response.

Parameters:

  • response (Net::HTTPResponse)

    The HTTP response object.

Returns:

  • (Rack, nil)

    The parsed Rack session cookie, or nil if there was no Set-Cookie header containing a Rack session cookie.



# File 'lib/ronin/web/session_cookie/rack.rb', line 119

def self.extract(response)
  if (set_cookie = response['Set-Cookie'])
    cookie = set_cookie.split(';',2).first

    if identify?(cookie)
      return parse(cookie)
    end
  end
end

.identify?(string) ⇒ Boolean

Identifies if the cookie is a Rack session cookie.

Parameters:

  • string (String)

    The raw session cookie value to identify.

Returns:

  • (Boolean)

    Indicates whether the session cookie is a Rack session cookie.



# File 'lib/ronin/web/session_cookie/rack.rb', line 83

def self.identify?(string)
  string =~ REGEXP
end

.parse(string) ⇒ Rack

Parses a Rack session cookie.

Parameters:

  • string (String)

    The raw session cookie string to parse.

Returns:

  • (Rack)

    The parsed and deserialized session cookie.



# File 'lib/ronin/web/session_cookie/rack.rb', line 98

def self.parse(string)
  # remove any 'rack.session' prefix.
  string = string.sub(/\Arack\.session=/,'')

  payload, hmac = string.split('--',2)

  return new(Marshal.load(Base64.decode64(payload)),hmac)
end