Skip to content

Instantly share code, notes, and snippets.

@cktricky

cktricky/django_session_deobfuscation.py

Last active August 29, 2015 14:02
Show Gist options
  • Save cktricky/52303c10d1d00b324c86 to your computer and use it in GitHub Desktop.
Save cktricky/52303c10d1d00b324c86 to your computer and use it in GitHub Desktop.
Download ZIP
Django Session Deobfuscation
Raw
django_session_deobfuscation.py
import re
import zlib
import base64
import pickle
orig_session_id = ".eJxrYKotZNQIFYpPLC3JiC8tTi2KT0pMzk7NSylkCtVMyUrMS8_XS87PKynKTNIDqdGDShfr-eanpOY4QRUzh_IiGZGZUsjizVyqBwA9cCGB:1WrtB4:7bnqeUSJ2mJCPeyPA0FcskLq0m0"
def b64_decode(s):
number = (-len(s) % 4)
pad = number * "="
return base64.urlsafe_b64decode(s + pad)
cookie = orig_session_id.split(":")[0]
decoded_data = b64_decode(cookie)
uncompressed_data = zlib.decompress(decoded_data)
plain_text_cookie = pickle.loads(uncompressed_data)
print plain_text_cookie
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment