I've just caught a crash reported on sentry, I am trying to debug and see the root cause for the problem.
Luckily, in the cookies panel, I can see the laravel_session
value that was used while crash happened.
The question, is, how can decrypt the cookie?
Decrypt the cookie and check the digest: Decrypt de key of the cookie: do Base64 decoding, then decrypt it using your institution's private RSA key. Decrypt the data using the decrypted AES key. Check the digest using secutix public certificate. The following example in java will show you how to proceed.
Encrypted Cookies This adds a layer of protection since the browser client can't decrypt the data. This makes it so that HTTP cookies are meaningful only to the back-end application. Server-side encryption adds more protection because the client can't sniff the cookies.
A secure cookie can only be transmitted over an encrypted connection (i.e. HTTPS). They cannot be transmitted over unencrypted connections (i.e. HTTP).
You can decrypt the cookie with the following code:
$cookie = 'eyJpdiI6ImFUQ0FvMWFSVlNvTmhlQjdLWGw1Z1E9PSIsInZhbHVlIjoicFh6Q09iTDl0K0huWU1Nc1NYVmxSY2hPRGU5Vk85dDJyYUpRbUVjRWg5R0JxYkVobkF3YkZVcVQrakFFUmxaVnZrTjFST3F3RTZ4akpDZEpvUFJiQXc9PSIsIm1hYyI6IjlhYmJhMTY3MWMxYWI3YjJmNmFjMmNkZWE0MWZmMmVhNTNiMjI5ZWY3NzUwNzQ0ZjAzMGQ1ZGU0YzVhNjJmZGYifQ==';
$cookie_contents = json_decode( base64_decode( $cookie, true ));
$value = base64_decode( $cookie_contents->value );
$iv = base64_decode( $cookie_contents->iv );
$clear = unserialize( \openssl_decrypt($value, \Config::get( 'app.cipher' ), \Config::get( 'app.key' ), OPENSSL_RAW_DATA, $iv));
echo "Cookie contents (Session ID): $clear\n";
You should end up with a session ID that looks something like this:
I didn't test with Laravel 5.3, but I'm confident it will work.
When using this code, make sure you paste the entire contents of the cookie into the $cookie
variable, including the two equals signs at the end.
For laravel 6 I think it's pretty much the same
$base64_key = "base64:ISAcSPwQ0HDqqLygaS9LyPzs5ZujMAKOjBou+gyz9sw=";
$payload = json_decode(base64_decode($_COOKIE["your_cookie_name"]), true);
$iv = base64_decode($payload['iv']);
$key = base64_decode(substr($base64_key, 7));
$sessionId = openssl_decrypt($payload['value'], 'AES-256-CBC', $key, 0, $iv);
echo "Session Id: $sessionId";
But check few things:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With