PHP令牌生成编码/解码
[英]PHP Token generation encoding/decoding
问题描述
Part of a favor for a friend i am reviewing his site which is php. 
对朋友的青睐,我正在审查他的网站,它是php的一部分。 I would like to test his session tokens generation functions but i don't have access to the source code. 我想测试他的会话令牌生成功能,但是我无法访问源代码。 For this reason i am obtaining a number of tokens, attempting to find correlation between them and analyze them using Burp. 由于这个原因,我获得了许多标记,试图找到它们之间的相关性并使用Burp分析它们。 The one thing that i haven't conclude yet is if the tokens are encrypted or not and of course if they are encrypted i am looking at a completely different approach. 我尚未得出结论的一件事是令牌是否已加密,当然,如果令牌已加密,我正在寻找一种完全不同的方法。 The tokens i get for each request i make are the following: 我为我提出的每个请求获取的令牌如下:
- __utma numeric value __utma数值
- __utm numeric value __utm数值
- __utmc numeric value __utmc数值
- __utmz numeric value __utmz数值
and a final one named 32b7e298af200c063ff686fa5dc74c3f with the value 44822a2f5e3db0931da0c444fa50a96a 最后一个名为32b7e298af200c063ff686fa5dc74c3f的值是44822a2f5e3db0931da0c444fa50a96a
I dont care about the first 3 tokens since they are default tokens since they are used for Google analytics purposes. 我不关心前三个令牌,因为它们是默认令牌,因为它们用于Google Analytics(分析)目的。 For the last token is it possible to decode it and can you identify the encoding scheme used? 对于最后一个令牌,可以对其进行解码,并且您可以确定所使用的编码方案吗?
I dont mind posting the actual tokens here since i am not registered as a user in the first place and the site is still at development stage for error detection. 我不介意在此处发布实际的令牌,因为我首先没有注册为用户,并且该站点仍处于开发阶段以进行错误检测。
thank you in advance 先感谢您
1 个解决方案
解决方案1
2 已采纳 2013-07-09 09:13:33
PHP Session ids are random hashes. PHP会话ID是随机哈希。 There is nothing to decrypt at all. 根本没有要解密的东西。
The actual session data is stored on the server side - the session id/token only identifies the session so PHP knows which session data to retrieve. 实际的会话数据存储在服务器端-会话ID /令牌仅标识会话,因此PHP知道要检索的会话数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.