Skip to content

Instantly share code, notes, and snippets.

@AleksMeshkov

AleksMeshkov/How to decrypt Laravel's sessionID in NodeJS

Last active July 25, 2017 07:23
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save AleksMeshkov/10425499 to your computer and use it in GitHub Desktop.
Save AleksMeshkov/10425499 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
How to decrypt Laravel's sessionID in NodeJS
// requirements
var PHPUnserialize = require('php-unserialize'); // npm install php-unserialize
var MCrypt = require('mcrypt').MCrypt; // npm install mcrypt
// helper function
function ord( string ) { // Return ASCII value of character
//
// + original by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
return string.charCodeAt(0);
}
function getSessionIdFromLaravelCookie() {
var cookie = JSON.parse(new Buffer(req.cookies.laravel_session, 'base64'));
var iv = new Buffer(cookie.iv, 'base64');
var value = new Buffer(cookie.value, 'base64');
var key = "_Encryption Key_";
var rijCbc = new MCrypt('rijndael-256', 'cbc');
rijCbc.open(key, iv); // it's very important to pass iv argument!
var decrypted = rijCbc.decrypt(value).toString();
var len = decrypted.length - 1;
var pad = ord(decrypted.charAt(len));
var sessionId = PHPUnserialize.unserialize(decrypted.substr(0, decrypted.length - pad));
return sessionId;
}
@lukrizal
Copy link

I'm having Unexpected token � issue

@carcinocron
Copy link

I'm getting this error:

io=Lq098WajCg26e-b7AAAA; __atuvc=0%7C29%2C0%7C30%2C0%7C31%2C0%7C32%2C4%7C33; laravel_session=eyJpdiI6IjNcLzFUcVlLVjJxSG5Qc1BKN1hxdVwvMXdqc3g0YUsxMVVEcUpPNExNelk5VT0iLCJ2YWx1ZSI6ImpKRDVnQUpqQnU3NG15QQUd2VCbyszTjFYQmMzSkpYNmlqXC9kYVwvVUR5RWRiVUsrUHE0bk1iajJSTmtTRVZGbE5VXC9GY0lrbW5xT3pnanRjM01PWmN3PT0iLCJtYWMiOiI3MjY4ZmIxYmIyMDEzMzA0NTM1N2Q5Y2JkN2ExNjU3ODU5YTFmZWQzMTRjMTYxZmNhMDAyMDVkMDRhNWVjYWYzIn0%3D
Segmentation fault (core dumped)
npm ERR! weird error 139
npm WARN This failure might be due to the use of legacy binary "node"
npm WARN For further explanations, please read
/usr/share/doc/nodejs/README.Debian

on node -v 0.10.37

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment