ronin-rb · @ronin_rb
63 followers · 25 posts · Server infosec.exchange

Sneak peek at the new ronin-web session-cookie command coming in ronin-web-1.1.0:

$ ./bin/ronin-web session-cookie "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}
$ ./bin/ronin-web session-cookie --verbose "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
Type: JWT
Header:

{
"alg": "HS256",
"typ": "JWT"
}

Params:

{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}

HMAC: "I\xf9J\xc7\x04IH\xc7\x8a(\\\x90O\x87\xf0\xa4\xc7\x89\x7f~\x8f:N\xb2%V\x9dB\xcb0\xe5"

#websecurity #sessioncookies #bugbountyhunters

Last updated 1 year ago
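
What the command output above corresponds to, as an added Ruby example (not ronin-web's own code): it splits the same token into header, params and HMAC, then checks the HS256 tag. The helper names and the key are assumptions; the key is the public jwt.io demo secret, which the post does not show.

```ruby
require 'json'
require 'openssl'

# Token copied from the post above (the well-known jwt.io sample).
TOKEN = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.' \
        'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.' \
        'SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'
# Assumption: the public jwt.io demo secret, which is not shown in the post.
DEMO_KEY = 'your-256-bit-secret'

# Decodes unpadded base64url (RFC 4648 section 5). '-' and '_' must be mapped
# first: a decoder that skips them would return 31 bytes for this signature
# instead of the 32-byte HS256 tag.
def b64url_decode(str)
  str.tr('-_', '+/').unpack1('m')
end

# Splits a compact JWT into the fields the --verbose output lists.
# Decoding needs no key, so the params are readable by anyone holding the cookie.
def parse_jwt(token)
  parts = token.split('.', -1)
  raise ArgumentError, 'expected header.params.signature' unless parts.length == 3

  header, params = parts[0, 2].map { |part| JSON.parse(b64url_decode(part)) }
  { type: 'JWT', header: header, params: params,
    hmac: b64url_decode(parts[2]), signing_input: parts[0, 2].join('.') }
end

# Recomputes the HS256 tag over "header.params" and compares in constant time.
# HS256 is pinned here; a token whose header names another algorithm is rejected.
def hs256_valid?(token, key)
  jwt = parse_jwt(token)
  return false unless jwt[:header]['alg'] == 'HS256'

  expected = OpenSSL::HMAC.digest('SHA256', key, jwt[:signing_input])
  OpenSSL.secure_compare(expected, jwt[:hmac])
end

jwt = parse_jwt(TOKEN)
puts "Type: #{jwt[:type]}"
puts JSON.pretty_generate(jwt[:header]), JSON.pretty_generate(jwt[:params])
puts "HMAC: #{jwt[:hmac].inspect} (#{jwt[:hmac].bytesize} bytes)"
puts "Valid under demo key: #{hs256_valid?(TOKEN, DEMO_KEY)}"
```

The tag decodes to 32 bytes here; the 31 bytes printed in the post correspond to a decode that skips the `_` in the signature.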

· @postmodern
891 followers · 656 posts · Server infosec.exchange

If you had a command that printed the contents of a serialized session cookie, how would you want to see the deserialized data displayed?

#bugbountyhunters #websec

Last updated 1 year ago