 

Reverse engineering Javascript behind Google+ button

Tags:

javascript

I am trying to simulate the Google+ button. In some part of the code at LINK, it converts the session ID into some kind of hash. What I found is that the session ID name is SAPISID and the converted hash name is SAPISIDHASH. Can anyone tell me which part of the code does the hashing? Any help will be appreciated. I have spent 6 hours straight and still have no clue :(

For example, VUOyLIU22fNPz2ko/AbGsxW03_WHoGjaJq is the SAPISID and f17aa630b9b9a105dad437b0fedcafe429f6fca2 is the SAPISIDHASH. In PHP I tried all kinds of hashes; nothing matches.

user2449384 asked Jun 03 '13 23:06



1 Answer

VICTORY! Well, for me at least 😛. The SAPISIDHASH I was looking for was the one in the API console. Automation for a rather large job, totally legitimate. The one I found was a SHA1 on the current JavaScript milliseconds timestamp plus your current SAPISID from your cookie plus the domain origin. In order for my request to work I had to include the following headers in the request:

Authorization:SAPISIDHASH 1439879298823_<hidden sha1 hash value>

and:

X-Origin:https://console.developers.google.com

The first header, I assume, tells the server your timestamp and your SHA1 value. The second (breaks if you don't include it) tells it the origin to use in the SHA1 algorithm. I found the algorithm by digging through and debugging the hell out of tons of minified JS. NOTE: there are spaces appended between the values. The pseudocode is basically:

sha1(new Date().getTime() + ' ' + SAPISID + ' ' + origin);

That is at least how I got my SAPISIDHASH value in my use case here in 2015 (a few years later, I know)... different from yours, but maybe I will help some other young good hacker out there one day.

Dave Thomas answered Sep 23 '22 04:09
