ronald/timebank-cc-public
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
main
timebank-cc-public/test-session-manipulation.php
Ronald Huynen 2547717edb Initial commit
2026-03-23 21:37:59 +01:00

70 lines
2.1 KiB
PHP
Raw Permalink Blame History

#!/usr/bin/env php
<?php
/**
* Session Manipulation Tool for Security Testing
*
* This script helps manipulate Laravel session data for IDOR testing
* as described in references/MANUAL_SECURITY_TESTING_CHECKLIST.md
*
* Usage:
* php test-session-manipulation.php [session_id] [profile_id] [profile_type]
*
* Example:
* php test-session-manipulation.php "your-session-id" 2 "App\\Models\\User"
*/
require __DIR__.'/vendor/autoload.php';
$app = require_once __DIR__.'/bootstrap/app.php';
$app->make('Illuminate\Contracts\Console\Kernel')->bootstrap();
if ($argc < 4) {
echo "Usage: php test-session-manipulation.php [session_id] [profile_id] [profile_type]\n";
echo "\nExample:\n";
echo " php test-session-manipulation.php \"abc123\" 2 \"App\\\\Models\\\\User\"\n";
echo "\nTo get your session ID:\n";
echo " 1. Login to the app\n";
echo " 2. Open DevTools → Storage → Cookies\n";
echo " 3. Copy the value of 'laravel_session' cookie\n";
exit(1);
}
$sessionId = $argv[1];
$newProfileId = $argv[2];
$newProfileType = $argv[3];
// Decode the session ID (Laravel encrypts cookies)
$encrypter = app('encrypter');
try {
$decodedSessionId = $encrypter->decrypt($sessionId, false);
} catch (\Exception $e) {
echo "ERROR: Could not decrypt session ID. Make sure you copied the entire cookie value.\n";
echo "Error: " . $e->getMessage() . "\n";
exit(1);
}
// Get session store
$session = app('session.store');
// Load the session
$session->setId($decodedSessionId);
$session->start();
echo "Current session data:\n";
echo " activeProfileId: " . ($session->get('activeProfileId') ?? 'NOT SET') . "\n";
echo " activeProfileType: " . ($session->get('activeProfileType') ?? 'NOT SET') . "\n";
echo "\n";
// Manipulate session
$session->put('activeProfileId', $newProfileId);
$session->put('activeProfileType', $newProfileType);
$session->save();
echo "Session manipulated successfully!\n";
echo " NEW activeProfileId: $newProfileId\n";
echo " NEW activeProfileType: $newProfileType\n";
echo "\n";
echo "Now refresh your browser to see the changes.\n";
echo "WARNING: This is for security testing only!\n";
Reference in New Issue View Git Blame Copy Permalink