解密大猩猩会话Cookie数据

huangapple go评论128阅读模式
英文:

Decrypting Gorilla Sessions Cookie Data

问题

首先,让我先说一下,我正在参加一个夺旗比赛,我在与一个与Go Gorilla Sessions相关的问题上遇到了一些困难。我从未用过Go语言编程,所以这很有趣,但也很令人沮丧 解密大猩猩会话Cookie数据

我有一个秘钥。我有一个编码的Cookie。我需要使用我拥有的秘钥解码Cookie,编辑其中的任何数据,并使用修改后的数据重新加密,以便在挑战中取得进展。

我已经阅读了Gorilla Sessions包的文档,但没有得到太多帮助。

有人可以帮助我吗?我应该从哪里开始?

英文:

Firstly, let me preface by saying I'm taking part in a Capture the Flag contest and I'm having some difficulty with a question related to Go Gorilla Sessions. I've never coded in Go, so this is fun, and frustrating 解密大猩猩会话Cookie数据

I have a secret key. I have an encoded Cookie. I need to decode the cookie, using the secret key I have, edit whatever data is in there, and re-encrypt with my altered data to progress in the challenge.

I've read the Gorilla Sessions Package documentation and not really getting any help.

Can anyone assist, where do I start?

答案1

得分: 2

看着文档,Gorilla提供了一个安全的cookie包。根据你的应用程序架构,一个基本的实现可以按照以下方式工作:

创建一个用于应用程序的会话管理包。举个例子,我们称之为sessionmngr

sessionmngr中,导入"github.com/gorilla/securecookie"

sessionmngr包中,使用小写的init()函数来设置一个securecookie的私有实例。一旦导入了一个包,小写的init()函数会按照声明的顺序被调用。(查看语言规范获取更多信息)。你将使用这个实例来对来自标准库的http.Request的cookie进行编码和解码。

import (
    "github.com/gorilla/securecookie"      
    
    //你以后会用到这个
    "http" 
)

//声明私有的secure cookie 
var s *securecookie.SecureCookie

//在这里初始化它(从Gorilla文档示例中获取)
func init() {
    var hashKey = []byte("very-secret")
    var blockKey = []byte("a-lot-secret")
    s = securecookie.New(hashKey, blockKey)
}

然后你将在整个包中使用s来对需要编码和解码cookie的值的函数进行操作。securecookie包文档提供了一个样板示例。

为了满足读取和修改已加密cookie的要求,使用上面示例中设置的securecookie实例上的DecodeEncode方法。

类似这样---

func DecodeAndModify(w http.ResponseWriter, r *http.Request) {
    //如果设置了cookie,则获取cookie的引用
    if cookie, err := r.Cookie("cookie-name"); err == nil {

        value := make(map[string]string)
        //使用Decode从cookie中获取值
        if err = s.Decode("cookie-name", cookie.Value, &value); err == nil {
            //以某种方式修改值
            value["newKey"] = "newValue"
            //重新编码
            if encoded, err := s.Encode("cookie-name", value); err == nil {
                cookie := &http.Cookie{
                    Name:  "cookie-name",
                    Value: encoded,
                    Path:  "/",
                }
                http.SetCookie(w, cookie)
            }
        }
    }
}
英文:

Looking at the docs - gorilla provides a secure cookie package.
Depending on your apps architecture - a basic implementation could work as follows:

Create a session management package to be used by your app. For the sake of example - lets call it sessionmngr

Inside of sessionmngr, import "github.com/gorilla/securecookie".

In the sessionmngr package, use a lower case init() function to set up a private instance of securecookie. Once a package is imported, lowercase init() functions are called in the order they are declared. (Check out the language spec for more info). You will use this instance to encode and decode cookies from the standard library's http.Request.

import (
    "github.com/gorilla/securecookie"      
    
    //you will need this later
    "http" 
)

//declare private secure cookie 
var s *securecookie.SecureCookie

//initialize it here (taken from the gorilla docs example)
func init() {
    var hashKey = []byte("very-secret")
    var blockKey = []byte("a-lot-secret")
    s = securecookie.New(hashKey, blockKey)
}

You will then use s throughout the package in functions that need to encode and decode the a cookie's value. The securecookie package documentation provides a boilerplate example.

To meet the requirements of reading and modifying an already encrypted cookie - use the Decode and Encode methods on the instance of securecookie that was setup in the example above.

Something Like ---

func DecodeAndModify(w http.ResponseWriter, r *http.Request) {
	//get reference to cookie if set
	if cookie, err := r.Cookie("cookie-name"); err == nil {

		value := make(map[string]string)
		//use Decode to get the value from the cookie
		if err = s.Decode("cookie-name", cookie.Value, &value); err == nil {
			//modify the value in some way
			value["newKey"] = "newValue"
			//re-encode it
			if encoded, err := s.Encode("cookie-name", value); err == nil {
				cookie := &http.Cookie{
					Name:  "cookie-name",
					Value: encoded,
					Path:  "/",
				}
				http.SetCookie(w, cookie)
			}
		}
	}
}

1: http://www.gorillatoolkit.org/pkg/securecookie "Gorilla secure cookie pkg"
2: https://golang.org/ref/spec#Package_initialization "The Go Programming Language Specification"
3: http://www.gorillatoolkit.org/pkg/securecookie

huangapple
  • 本文由 发表于 2016年9月26日 03:18:51
  • 转载请务必保留本文链接:https://go.coder-hub.com/39690846.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定