#!/bin/bash
##
# Security Testing Helper Script
# For manual testing from references/MANUAL_SECURITY_TESTING_CHECKLIST.md
##
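# Abort on the first failing command, on any unset variable and on a failure
# anywhere in a pipeline; -e alone lets a failed stage in front of a pipe go
# unnoticed.
set -euo pipefail

printf '%s\n' "=== Security Testing Helper ==="
printf '\n'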
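#######################################
# List the sessions active within the last two hours, newest first, at most 10.
# The database password used to be hard-coded in this file; any copy that was
# committed with it should be treated as exposed.
# Globals:
#   DB_PASSWORD (read, required) - MySQL password, handed to the client via
#                                  MYSQL_PWD so it never appears in argv
#   DB_USERNAME (read, optional) - MySQL user, defaults to timebank_cc_dev
#   DB_DATABASE (read, optional) - schema name, defaults to timebank_cc_2
# Outputs:
#   The result rows on stdout; a diagnostic on stderr when DB_PASSWORD is unset.
# Returns:
#   1 when DB_PASSWORD is unset, otherwise the mysql client's exit status.
#######################################
show_sessions() {
  local db_user=${DB_USERNAME:-timebank_cc_dev}
  local db_name=${DB_DATABASE:-timebank_cc_2}

  # Return rather than ${VAR:?}-abort so an interactive caller gets a message
  # and keeps its shell.
  if [[ -z ${DB_PASSWORD:-} ]]; then
    printf 'show_sessions: DB_PASSWORD is not set; export it before running\n' >&2
    return 1
  fi

  echo "Current active sessions:"
  # A password given with -p is visible to every local user through ps;
  # MYSQL_PWD is only readable by the same uid.
  MYSQL_PWD=$DB_PASSWORD mysql -u "$db_user" "$db_name" <<'EOF'
SELECT
  id,
  user_id,
  ip_address,
  last_activity,
  FROM_UNIXTIME(last_activity) as last_active_time
FROM sessions
WHERE last_activity > UNIX_TIMESTAMP(DATE_SUB(NOW(), INTERVAL 2 HOUR))
ORDER BY last_activity DESC
LIMIT 10;
EOF
}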
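#######################################
# Print id, user_id and payload of a single session row.
# Globals:
#   DB_PASSWORD (read, required) - MySQL password, passed via MYSQL_PWD
#   DB_USERNAME (read, optional) - MySQL user, defaults to timebank_cc_dev
#   DB_DATABASE (read, optional) - schema name, defaults to timebank_cc_2
# Arguments:
#   $1 - session id; must be alphanumeric, which is the only form Laravel's
#        session store accepts as a valid id
# Outputs:
#   The row on stdout; a diagnostic on stderr when the id is rejected or
#   DB_PASSWORD is unset.
# Returns:
#   1 on a rejected id or missing password, otherwise the mysql client's
#   exit status.
#######################################
show_session_data() {
  local session_id=${1-}
  local db_user=${DB_USERNAME:-timebank_cc_dev}
  local db_name=${DB_DATABASE:-timebank_cc_2}
  local id_re='^[A-Za-z0-9]+$'

  # The id is spliced into the SQL text below, so accept only the characters
  # a session id can legitimately contain; a quote, semicolon or whitespace
  # would alter the statement rather than the compared value.
  if [[ ! $session_id =~ $id_re ]]; then
    printf 'show_session_data: invalid session id %q\n' "$session_id" >&2
    return 1
  fi

  if [[ -z ${DB_PASSWORD:-} ]]; then
    printf 'show_session_data: DB_PASSWORD is not set; export it before running\n' >&2
    return 1
  fi

  echo "Session data for: $session_id"
  # MYSQL_PWD keeps the secret out of argv (visible to every user via ps).
  MYSQL_PWD=$DB_PASSWORD mysql -u "$db_user" "$db_name" <<EOF
SELECT
  id,
  user_id,
  payload
FROM sessions
WHERE id = '$session_id';
EOF
}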
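#######################################
# Overwrite activeProfileId / activeProfileType in one stored session payload.
# The three values reach PHP through the environment and are read with
# getenv(), so none of them is ever part of the PHP source handed to tinker
# (the previous version built that source by string interpolation).
# Globals:
#   none read; SEC_TEST_SESSION_ID, SEC_TEST_PROFILE_ID and
#   SEC_TEST_PROFILE_TYPE are set for the php process only.
# Arguments:
#   $1 - session id (alphanumeric)
#   $2 - new activeProfileId (non-negative integer, stored as a PHP int)
#   $3 - new activeProfileType, a PHP class name such as App\Models\User;
#        the doubled-backslash form App\\Models\\User is accepted as well
# Outputs:
#   Progress on stdout; a diagnostic on stderr when an argument is rejected.
# Returns:
#   1 on a rejected argument, otherwise the exit status of php artisan tinker
#   (the PHP code exits 1 when the session row does not exist).
#######################################
manipulate_session() {
  local session_id=${1-}
  local new_profile_id=${2-}
  local new_profile_type=${3-}
  local id_re='^[A-Za-z0-9]+$'
  local int_re='^[0-9]+$'
  local type_re='^[A-Za-z_][A-Za-z0-9_\\]*$'
  local php_code

  # Callers that prepared the class name for a PHP single-quoted literal pass
  # App\\Models\\User; collapse that to the real class name, since the value
  # is no longer interpreted by PHP's string parser.
  new_profile_type=${new_profile_type//\\\\/\\}

  if [[ ! $session_id =~ $id_re ]]; then
    printf 'manipulate_session: invalid session id %q\n' "$session_id" >&2
    return 1
  fi
  if [[ ! $new_profile_id =~ $int_re ]]; then
    printf 'manipulate_session: profile id must be an integer, got %q\n' "$new_profile_id" >&2
    return 1
  fi
  # Only the characters of a PHP fully-qualified class name are allowed.
  if [[ ! $new_profile_type =~ $type_re ]]; then
    printf 'manipulate_session: profile type must be a PHP class name, got %q\n' "$new_profile_type" >&2
    return 1
  fi

  echo "Manipulating session: $session_id"
  echo " Setting activeProfileId to: $new_profile_id"
  echo " Setting activeProfileType to: $new_profile_type"

  # Quoted delimiter: bash expands nothing inside this PHP source.
  php_code=$(cat <<'PHP'
$session = DB::table('sessions')->where('id', getenv('SEC_TEST_SESSION_ID'))->first();
if (!$session) {
    echo 'Session not found';
    exit(1);
}

// Decode payload (Laravel's own storage format for this column)
$payload = unserialize(base64_decode($session->payload));

echo 'Current session data:' . PHP_EOL;
echo ' activeProfileId: ' . ($payload['activeProfileId'] ?? 'NOT SET') . PHP_EOL;
echo ' activeProfileType: ' . ($payload['activeProfileType'] ?? 'NOT SET') . PHP_EOL;

// Modify
$payload['activeProfileId'] = (int) getenv('SEC_TEST_PROFILE_ID');
$payload['activeProfileType'] = getenv('SEC_TEST_PROFILE_TYPE');

// Encode and save
$newPayload = base64_encode(serialize($payload));
DB::table('sessions')->where('id', getenv('SEC_TEST_SESSION_ID'))->update(['payload' => $newPayload]);

echo PHP_EOL . 'Session updated!' . PHP_EOL;
echo ' NEW activeProfileId: ' . $payload['activeProfileId'] . PHP_EOL;
echo ' NEW activeProfileType: ' . $payload['activeProfileType'] . PHP_EOL;
PHP
)

  SEC_TEST_SESSION_ID=$session_id \
  SEC_TEST_PROFILE_ID=$new_profile_id \
  SEC_TEST_PROFILE_TYPE=$new_profile_type \
    php artisan tinker --execute="$php_code"
}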
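# Main menu
#
# Interactive entry point: asks for an action and dispatches to the helpers
# defined above. Every answer is read with -r so a backslash in the input is
# kept verbatim instead of being consumed as an escape; an empty or unknown
# answer falls through to the default arm and exits 1.
echo "What would you like to do?"
echo "1) Show current sessions"
echo "2) Show session data"
echo "3) Manipulate session (change activeProfileId/Type)"
echo ""
read -r -p "Enter choice (1-3): " choice

case "$choice" in
  1)
    show_sessions
    ;;
  2)
    read -r -p "Enter session ID: " session_id
    show_session_data "$session_id"
    ;;
  3)
    read -r -p "Enter session ID: " session_id
    read -r -p "Enter new profile ID: " profile_id
    echo "Profile types:"
    echo " 1) App\\Models\\User"
    echo " 2) App\\Models\\Organization"
    echo " 3) App\\Models\\Bank"
    echo " 4) App\\Models\\Admin"
    read -r -p "Enter profile type (1-4): " type_choice

    # Four backslashes survive bash's quote removal as two, so
    # manipulate_session receives e.g. App\\Models\\User and turns it into the
    # class name App\Models\User; the menu above prints the final form.
    case "$type_choice" in
      1) profile_type="App\\\\Models\\\\User" ;;
      2) profile_type="App\\\\Models\\\\Organization" ;;
      3) profile_type="App\\\\Models\\\\Bank" ;;
      4) profile_type="App\\\\Models\\\\Admin" ;;
      *) echo "Invalid choice"; exit 1 ;;
    esac

    manipulate_session "$session_id" "$profile_id" "$profile_type"
    echo ""
    echo "Now refresh your browser to see the changes!"
    ;;
  *)
    echo "Invalid choice"
    exit 1
    ;;
esac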