cktricky · June 3, 2014 18:10
diff --git a/rails_session_deobfuscation.rb b/rails_session_deobfuscation.rb
 require 'base64'
 require 'cgi'

 orig_session_id = "BAh7CEkiD3Nlc3Npb25faWQGOgZFVEkiJWViYTgyMTMwYjE3ZmJkMDVmOTI4MTYzYzhjMWI1YTcwBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMVhJblpXL2NQNERnQVZZT0NTeWs5RXJzb2JpNzFOSlJwZ0NVQjlnNWplc3c9BjsARkkiDHVzZXJfaWQGOwBGaQo%3D--be5328b6089949b1a5da6eb3b21e220744705ab8"

 new_session_id = CGI::unescape(orig_session_id).split('--').first

 decoded = Marshal.load(Base64.decode64(new_session_id))

 puts "Deobfuscated cookie: #{decoded}"
	require 'base64'
	require 'cgi'

	orig_session_id = "BAh7CEkiD3Nlc3Npb25faWQGOgZFVEkiJWViYTgyMTMwYjE3ZmJkMDVmOTI4MTYzYzhjMWI1YTcwBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMVhJblpXL2NQNERnQVZZT0NTeWs5RXJzb2JpNzFOSlJwZ0NVQjlnNWplc3c9BjsARkkiDHVzZXJfaWQGOwBGaQo%3D--be5328b6089949b1a5da6eb3b21e220744705ab8"

	new_session_id = CGI::unescape(orig_session_id).split('--').first

	decoded = Marshal.load(Base64.decode64(new_session_id))

	puts "Deobfuscated cookie: #{decoded}"