Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Safari 5.1 cookie format specs

Tags:

cookies

safari

the way of storing cookie for SAFARI has changed whith SAFARI 5.1 and that they add a kind of integrity control code in the last 8 bytes of the file :

The file is %APPDATA%\Apple Computer\Safari\Cookies\Cookies.binarycookies

Does anybody know what s the last 8 bytes corresponds to ?

CRC32 check ?

Please help

like image 589
user382591 Avatar asked Sep 25 '11 13:09

user382591

1 Answers

Cookie.binarycookies:

I think this will be helpful. I reversed engineer the file with an hex-editor and start changing the cookies.

General description:

The file is composed of several pages, each one can have one or more cookies inside. Each page has a header, which is variable, 0x10, 0x14 and 0x1c are common values we can see.

File:

The file start with an 4 bytes header that is of no interest.

The next 4 bytes are of real interest because they indicate the number of pages there are in the file.

Then we have the length of each page, also represented by an 4 byte number. It's important to know that all these numbers are written in big-endian. So, we have 4*number of pages of bytes and then the pages.

We have 8 bytes at the end which also are of no interest.

Page:

Each page has a header whose length can change from one page to another. To know the length of the header, we must discard the first five bytes and the next 4 bytes will indicate the length of the header.

Following the header we will have the length of the cookie represented by 4 bytes, ordered in little-endian! This length also includes the 4 bytes needed for representing the length.

When this cookie ends another will start and so on to the end of the page.

Cookie:

The date of each cookies starts at 0x2B. The date is composed by 4 bytes ordered in little-endian. The date is represented in seconds but not since epoch so we need to subtract this number: 1706047360. (It only works for until some day in 2017)

The next field of interest starts from 0x38. This fields are dynamic fields so they are separated by an NULL “0x00” byte and are in this order: name, value, url, path.

Example:

http://i52.tinypic.com/2qcqix2.jpg

The length of the entire cookie will be 0x82. Next to this cookie will start another one in exactly the same format if corresponds with the page length.

like image 56
AGG88 Avatar answered Nov 03 '22 03:11

AGG88
Sign in to Comment

Related questions

Why is rails constantly sending back a Set-Cookie header?
Delete cookie on clicking sign out
How to delete cookie on codeigniter
SameSite cookies, frames, sub domains and redirections
Sharing cookies across different domains and different applications (classic ASP and ASP.NET)
Do websites like Facebook store logged in users in cookies or sessions?
jquery cookie set value to boolean true
CodeIgniter session class not working in Chrome
Why the browser doesn't send cookies while requesting a JavaScript file?
Access values from cookies using sencha extjs
ASP.NET Identity 2.0 decrypt Owin cookie
Fetch, set-cookies and csrf
How to set the Google Analytics cookie only after another consent cookie is set and "true"?
How to set cookie in Jersey?
One Cookie - Multiple Pages
Unable to log in to ASP.NET website with requests module of Python
Setting up cookies for Guzzle CookieJar
How to log into Facebook programmatically using Java?
CookieManager for multiple threads
RabbitMQ node authentification failed after changing cookie file

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!