Created
January 4, 2025 11:09
-
-
Save buncis/16931235d110cd8aca5cdd7890e0bff9 to your computer and use it in GitHub Desktop.
rails session decryptor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def decrypt_cookie(cookie) | |
| cookie = CGI.unescape(cookie) | |
| data, iv, auth_tag = cookie.split("--").map { |v| Base64.strict_decode64(v) } | |
| raise InvalidMessage if (auth_tag.nil? || auth_tag.bytes.length != 16) | |
| cipher = OpenSSL::Cipher.new("aes-256-gcm") | |
| secret = OpenSSL::PKCS5.pbkdf2_hmac( | |
| Rails.application.secret_key_base, | |
| Rails.configuration.action_dispatch.authenticated_encrypted_cookie_salt, | |
| 1000, | |
| cipher.key_len, | |
| Rails.configuration.active_support.hash_digest_class.new | |
| ) | |
| # Setup cipher for decryption and add inputs | |
| cipher.decrypt | |
| cipher.key = secret | |
| cipher.iv = iv | |
| cipher.auth_tag = auth_tag | |
| cipher.auth_data = "" | |
| # Perform decryption | |
| cookie_payload = cipher.update(data) | |
| cookie_payload << cipher.final | |
| cookie_payload = JSON.parse(cookie_payload) | |
| JSON.parse(Base64.decode64(cookie_payload["_rails"]["message"])) | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
taken from here discussion in here https://gist.github.com/wildjcrt/6359713fa770d277927051fdeb30ebbf?permalink_comment_id=4565360#gistcomment-4565360