'Hacking' Rails session

One important attack vector in web applications is the content of the session cookie. The Rails security guide gives all the relevant information about which data can be stored in a cookie session.
I will explain how you can obtain the content of the cookie session object (I learned about that from this blog post). First, get the application cookie. Press F12 in Chrome, switch to the Network tab, log in to the application that you are testing, and select the POST authentication request. In the response, find the Set-Cookie header and copy the cookie value. The cookie ends with the ';' character.
Start irb, the Ruby interpreter. First decode the cookie string value, and then unmarshal it. Here is the Ruby code:

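require 'base64'
cookie = '...'                     # paste the value copied from the Set-Cookie header
plain = Base64.decode64(cookie)    # Base64-decode the cookie string
data = Marshal.load(plain)         # unmarshal the bytes into a Ruby object

Tip: if the Marshal.load line raises an exception, you need to add a require statement for the package that contains the reported class.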

data is a Ruby hash object that represents the Rails session.
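The steps above as one function, written as an added example that is not code from the original post. It assumes the legacy signed (not encrypted) cookie layout `name=<URL-escaped Base64 payload>--<hex HMAC-SHA1>`; the names `decode_session_cookie`, `sample_cookie` and `_demo_session`, the secret and the session contents are all constructed for illustration.

```ruby
require 'base64'
require 'uri'
require 'openssl'

# Split a raw Set-Cookie header value and unmarshal the session in it.
# Assumed layout (legacy signed cookie store):
#   name=<URL-escaped Base64(Marshal.dump(session))>--<hex HMAC>; attributes
# Marshal.load builds whatever objects the stream describes, so use this
# only on cookies issued by an application you are authorised to test.
def decode_session_cookie(set_cookie)
  pair  = set_cookie.split(';', 2).first   # drop "; path=/; HttpOnly"
  value = pair.split('=', 2).last          # drop the cookie name
  payload, digest = URI.decode_www_form_component(value).split('--', 2)
  result = { digest: digest }
  begin
    result[:session] = Marshal.load(Base64.decode64(payload))
  rescue ArgumentError => e
    # "undefined class/module X": the session holds an object whose class
    # is not loaded here; require the file that defines X and retry.
    missing = e.message[/undefined class\/module (\S+)/, 1]
    raise unless missing
    result[:missing_class] = missing
  end
  result
end

# Constructed sample input: builds a cookie in the assumed layout with a
# made-up secret, so the example runs offline.
def sample_cookie(session, secret = 'constructed-demo-secret')
  payload = Base64.strict_encode64(Marshal.dump(session))
  digest  = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, payload)
  signed  = URI.encode_www_form_component("#{payload}--#{digest}")
  "_demo_session=#{signed}; path=/; HttpOnly"
end

if __FILE__ == $PROGRAM_NAME
  cookie = sample_cookie('session_id' => 'c0ffee', 'user_id' => 42)
  p decode_session_cookie(cookie)   # contents are readable without the secret
end
```

The digest only protects the payload against modification; the session contents are readable by anyone who holds the cookie, which is why the kind of data kept in a cookie session matters.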
