Decrypt Rails 4 session cookies

cookie.rb

#!/usr/bin/env ruby

require 'thor'
require 'active_support/all'
require 'cgi'
require 'awesome_print'

class Inspector < Thor
  def self.exit_on_failure?
    true
  end


  desc "decrypt [COOKIE]", "Decrypt and display session cookie details"
  option :encrypted_cookie_salt, type: :string, default: 'encrypted cookie'
  option :encrypted_signed_cookie_salt, type: :string, default: 'signed encrypted cookie'
  option :iterations, type: :numeric, default: 1000
  option :secret, type: :string, required: true
  option :serializer, type: :string, enum: ['JSON', 'Marshal'], default: 'JSON'
  def decrypt(encrypted_cookie = nil)
    encrypted_cookie ||= $stdin.read.chomp
    message = CGI.unescape(encrypted_cookie)

    decrypted_cookie = encryptor.decrypt_and_verify(message)

    if $stdout.tty?
      ap decrypted_cookie
    else
      puts JSON.generate(decrypted_cookie)
    end
  end

  desc "encrypt [DATA]", "Encrypt and display session cookie"
  option :encrypted_cookie_salt, type: :string, default: 'encrypted cookie'
  option :encrypted_signed_cookie_salt, type: :string, default: 'signed encrypted cookie'
  option :iterations, type: :numeric, default: 1000
  option :secret, type: :string, required: true
  option :serializer, type: :string, enum: ['JSON', 'Marshal'], default: 'JSON'
  def encrypt(data = nil)
    data ||= $stdin.read.chomp
    encrypted_data = encryptor.encrypt_and_sign(data)
    message = CGI.escape(encrypted_data)

    puts message
  end


  private


  def encryptor
    key_generator = ActiveSupport::KeyGenerator.new(options.fetch('secret'), iterations: options.fetch('iterations'))
    secret = key_generator.generate_key(options.fetch('encrypted_cookie_salt'))
    sign_secret = key_generator.generate_key(options.fetch('encrypted_signed_cookie_salt'))
    ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: options.fetch('serializer').constantize)
  end
end

Inspector.start(ARGV)

Run with:

export SECRET="COOKIE-SECRET-KEY"

ruby cookie.rb decrypt "ENCRYPTED-AND-ENCODED-COOKIE-TEXT-FROM-BROWSER--123123123123" --secret $SECRET
echo "ENCRYPTED-AND-ENCODED-COOKIE-TEXT-FROM-BROWSER--123123123123" | ruby cookie.rb decrypt --secret $SECRET

ruby cookie.rb encrypt "{\"a\":1}" --secret $SECRET
echo "{\"a\":1}" | ruby cookie.rb encrypt --secret $SECRET