Class: Ronin::Web::CLI::Commands::SessionCookie Private

Inherits:
Ronin::Web::CLI::Command
Includes:
CommandKit::Options::Verbose, CommandKit::Printing::Indent
Defined in:
lib/ronin/web/cli/commands/session_cookie.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Parses and deserializes various session cookie formats.

Usage

ronin-web session_cookie [options] {URL | COOKIE}

Options

-v, --verbose                    Enables verbose output
-F, --format ruby|json|yaml      The format to print the session cookie params (Default: ruby)
-h, --help                       Print help information

Arguments

URL | COOKIE                     The URL or the session cookie to parse

Since:

  • 2.0.0

Instance Method Details

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Fetches the session cookie from the URL.

Parameters:

  • url (String)

    The URL to request.

Returns:

  • (Ronin::Web::SessionCookie::Django, Ronin::Web::SessionCookie::JWT, Ronin::Web::SessionCookie::Rack, nil)

    The parsed session cookie.

Since:

  • 2.0.0



# File 'lib/ronin/web/cli/commands/session_cookie.rb', line 108

def fetch_session_cookie(url)
  response = begin
               Support::Network::HTTP.get(url)
             rescue => error
               print_error "failed to request URL (#{url.inspect}): #{error.message}"
               exit(-1)
             end

  Web::SessionCookie.extract(response)
end

#format_params(params) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Formats the params based on the --format option.

Since:

  • 2.0.0



# File 'lib/ronin/web/cli/commands/session_cookie.rb', line 245

def format_params(params)
  case options[:format]
  when :ruby
    require 'pp'
    params.pretty_print_inspect
  when :json
    require 'json'
    JSON.pretty_generate(params)
  when :yaml
    require 'yaml'
    YAML.dump(params)
  else
    raise(NotImplementedError,"unsupported format: #{options[:format].inspect}")
  end
end

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Parses a session cookie.

Parameters:

  • cookie (String)

    The session cookie to parse.

Returns:

  • (Ronin::Web::SessionCookie::Django, Ronin::Web::SessionCookie::JWT, Ronin::Web::SessionCookie::Rack, nil)

    The parsed session cookie.

Since:

  • 2.0.0



# File 'lib/ronin/web/cli/commands/session_cookie.rb', line 128

def parse_session_cookie(cookie)
  Web::SessionCookie.parse(cookie)
end
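
What recognizing and decoding the three cookie formats involves, as an added stdlib-only example; it is not Ronin's implementation. The helper names and the sample cookie are constructed for illustration, and the result keys mirror the fields the print methods on this page display (params, header, salt, hmac).

```ruby
require 'json'
require 'zlib'

# Lenient Base64 decode: accepts both alphabets and stripped '=' padding.
def b64(str)
  str.tr('-_', '+/').unpack1('m')
end

# Hypothetical helper (not Ronin's API). Returns a Hash describing the
# cookie, or nil when no known format matches or the payload fails to decode.
def inspect_session_cookie(cookie)
  cookie = cookie.b.gsub(/%\h\h/) { |esc| esc[1, 2].hex.chr } # undo URL-escaping
  if (m = cookie.match(/\A(\.?)([\w-]+):([\w-]+):([\w-]+)\z/))
    # Django signing format: [.]payload:middle:hmac ('.' marks zlib data).
    # The middle field is what the command above prints as "Salt".
    raw = b64(m[2])
    raw = Zlib::Inflate.inflate(raw) unless m[1].empty?
    { type: :django, params: JSON.parse(raw), salt: m[3], hmac: b64(m[4]) }
  elsif (m = cookie.match(/\A([\w-]+)\.([\w-]+)\.([\w-]*)\z/))
    # JWT: header.payload.signature, each part URL-safe Base64.
    { type: :jwt, header: JSON.parse(b64(m[1])),
      params: JSON.parse(b64(m[2])), hmac: b64(m[3]) }
  elsif (m = cookie.match(/\A(.+)--(\h+)\z/m))
    # Rack: Base64(data)--hex HMAC. The data is normally Marshal output,
    # which must never be Marshal.load-ed from an untrusted cookie, so only
    # the two-byte Marshal version header (4, 8) is checked here.
    raw = b64(m[1])
    { type: :rack, marshal: raw.bytes.first(2) == [4, 8],
      size: raw.bytesize, hmac: m[2] }
  end
rescue JSON::ParserError, Zlib::Error
  nil # matched a cookie shape, but the payload did not decode
end

# Constructed sample (not a real session): a JWT with a dummy signature.
def b64url_encode(str)
  [str].pack('m0').tr('+/', '-_').delete('=')
end
SAMPLE_JWT = [b64url_encode('{"alg":"HS256"}'),
              b64url_encode('{"user_id":42}'),
              b64url_encode('sig')].join('.')
p inspect_session_cookie(SAMPLE_JWT)
```

All three formats are signed, not encrypted: the HMAC protects integrity only, so anything an application stores in such a cookie is readable by whoever holds it.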

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints a Django session cookie.

Parameters:

  • session_cookie (Ronin::Web::SessionCookie::Django)

Since:

  • 2.0.0



# File 'lib/ronin/web/cli/commands/session_cookie.rb', line 160

def print_django_session_cookie(session_cookie)
  if verbose?
    puts "Type: Django"
    puts "Params:"
    puts

    indent do
      print_params(session_cookie.params)
    end
    puts

    puts "Salt: #{session_cookie.salt}"
    puts "HMAC: #{Support::Encoding::Hex.quote(session_cookie.hmac)}"
  else
    print_params(session_cookie.params)
  end
end

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints a JWT session cookie.

Parameters:

  • session_cookie (Ronin::Web::SessionCookie::JWT)

Since:

  • 2.0.0



# File 'lib/ronin/web/cli/commands/session_cookie.rb', line 183

def print_jwt_session_cookie(session_cookie)
  if verbose?
    puts "Type: JWT"
    puts "Header:"
    puts

    indent do
      print_params(session_cookie.header)
    end
    puts

    puts "Params:"
    puts

    indent do
      print_params(session_cookie.params)
    end
    puts

    puts "HMAC: #{Support::Encoding::Hex.quote(session_cookie.hmac)}"
  else
    print_params(session_cookie.params)
  end
end

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints the session cookie params, formatted according to the --format option.

Parameters:

  • params (Hash)

    The params to print.

Since:

  • 2.0.0



# File 'lib/ronin/web/cli/commands/session_cookie.rb', line 236

def print_params(params)
  format_params(params).each_line do |line|
    puts line
  end
end

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints a Rack session cookie.

Parameters:

  • session_cookie (Ronin::Web::SessionCookie::Rack)

Since:

  • 2.0.0



# File 'lib/ronin/web/cli/commands/session_cookie.rb', line 213

def print_rack_session_cookie(session_cookie)
  if verbose?
    puts "Type: Rack"
    puts "Params:"
    puts

    indent do
      print_params(session_cookie.params)
    end
    puts

    puts "HMAC: #{session_cookie.hmac}"
  else
    print_params(session_cookie.params)
  end
end

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prints a session cookie.

Parameters:

  • session_cookie (Ronin::Web::SessionCookie::Django, Ronin::Web::SessionCookie::JWT, Ronin::Web::SessionCookie::Rack)

Raises:

  • (NotImplementedError)

    The session cookie was not Ronin::Web::SessionCookie::Django, Ronin::Web::SessionCookie::JWT, or Ronin::Web::SessionCookie::Rack.

Since:

  • 2.0.0



# File 'lib/ronin/web/cli/commands/session_cookie.rb', line 142

def print_session_cookie(session_cookie)
  case session_cookie
  when Web::SessionCookie::Django
    print_django_session_cookie(session_cookie)
  when Web::SessionCookie::JWT
    print_jwt_session_cookie(session_cookie)
  when Web::SessionCookie::Rack
    print_rack_session_cookie(session_cookie)
  else
    raise(NotImplementedError,"cannot print session cookie: #{session_cookie.inspect}")
  end
end

#run(arg) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Runs the ronin-web session-cookie command.

Parameters:

  • arg (String)

Since:

  • 2.0.0



# File 'lib/ronin/web/cli/commands/session_cookie.rb', line 83

def run(arg)
  session_cookie = if arg.start_with?('https://') ||
                      arg.start_with?('http://')
                     fetch_session_cookie(arg)
                   else
                     parse_session_cookie(arg)
                   end

  if session_cookie
    print_session_cookie(session_cookie)
  else
    print_error "no session cookie found"
    exit(-1)
  end
end