So as the title dictate, i'm trying to decrypt the session id of a laravel app usgin nodeJs. but i keep getting this error when i try to unserialize the data:
SyntaxError: Unknown / Unhandled data type(s): at error (C:\V12Projects\craiglist\node_modules\php-unserialize\php-unserialize.js:54:13)
My main code is the following:
let session = cookie.parse(req.headers.cookie).laravel_session;
let sessionKey = getSessionKey(session, process.env.APP_KEY);
My helper function 'getSessionKey' is as follow:
getSessionKey = function(laravelSession, laravelKey, keyLength) {
keyLength = keyLength || 32;
let cypher = 'aes-' + keyLength * 8 + '-cbc'; // + '-cbc'
//Get session object
laravelSession = new Buffer(laravelSession, 'base64');
laravelSession = laravelSession.toString();
laravelSession = JSON.parse(laravelSession);
//Create key buffer
laravelKey = new Buffer(laravelKey, 'base64');
//crypto required iv in binary or buffer
laravelSession.iv = new Buffer(laravelSession.iv, 'base64');
laravelSession.value = new Buffer(laravelSession.value, 'base64')
//create decoder
let decipher = crypto.createDecipheriv(cypher, laravelKey, laravelSession.iv);
decipher.setAutoPadding(false);
//let decoded = decoder.update(laravelSession.value, 'base64');
let decoded = Buffer.concat([decipher.update(laravelSession.value), decipher.final()], 'base64');
//the error happens in the line below
let sessionId = PHPUnserialize.unserialize(decoded.toString('ascii'));
return sessionId;
}
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire