0

This is a follow-up question on this answer: Link Here

Based on that answer I am able to bypass the security check of testcookie-nginx-module used by byethost hosting.

The problem is that the cookies I used are copied from a web browser. I need to get the cookie from my website using my Android device, so that I can use it to make requests to the byethost server.

Byethost provides a __test cookie to check the validity of a request on an existing session. If it seems that the only way for me to access the server is to be a "valid browser", how do I tell the server that I am a valid browser from an Android device, so that I can have the cookie given to web browsers?

Community
Aesthetic

2 Answers

1

I met the same problem. First I used WebView to access the page and get the cookies, then used them to bypass the security check of testcookie-nginx-module:

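    WebView myWebView = new WebView(this);
    myWebView.getSettings().setJavaScriptEnabled(true); // the challenge page sets the cookie with JavaScript
    // loadUrl() returns before the page has loaded, so read the cookie in onPageFinished()
    myWebView.setWebViewClient(new WebViewClient() {
        @Override
        public void onPageFinished(WebView view, String url) {
            String cookies = CookieManager.getInstance().getCookie("my_page_here");
            System.out.println(cookies);
            view.destroy();
        }
    });
    myWebView.loadUrl("my_page_here");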

Then, to use it with Volley, I created a CustomRequest that extends StringRequest and overrode getHeaders like this:

    @Override
    public Map<String, String> getHeaders() throws AuthFailureError {
        // Headers sent with every request, including the cookie string read from the WebView
        Map<String, String> params = new HashMap<String, String>();
        params.put("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 ");
        params.put("Cookie", cookies+"; expires=Fri, 1-Jan-38 06:55:55 GMT; path=/");
        params.put("Content-Type", "application/x-www-form-urlencoded");
        return params;
    }

And that's all. Do you have any other solution yet? If not, you could check this :D

1

In case someone still needs a better answer, I would like to add mine. First, I created a Splash Screen Activity which first connects to the byethost server, gets the response, and then parses the "__test" cookie from it.

    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    import com.android.volley.Request;
    import com.android.volley.RequestQueue;
    import com.android.volley.toolbox.StringRequest;
    import com.android.volley.toolbox.Volley;

    void getCookie() {
        RequestQueue mQueue = Volley.newRequestQueue(this);
        StringRequest stringRequest = new StringRequest(Request.Method.GET, Constants.SERVER_URL,
                response -> {
                    try {
                        // The challenge page loads aes.js and embeds three hex strings a, b and c
                        if (response.contains("src=\"/aes.js\"") || response.contains("src=\"/aes.min.js\"")) {
                            String beginOffsetA = "var a=toNumbers(\"";
                            String beginOffsetB = "\"),b=toNumbers(\"";
                            String beginOffsetC = "\"),c=toNumbers(\"";
                            String endOffsetC = "\");document.cookie=";
                            String a = response.substring((response.indexOf(beginOffsetA) + (beginOffsetA).length()), response.indexOf(beginOffsetB)); // Value of var a
                            String b = response.substring((response.indexOf(beginOffsetB) + (beginOffsetB).length()), response.indexOf(beginOffsetC)); // Value of var b
                            String c = response.substring((response.indexOf(beginOffsetC) + (beginOffsetC).length()), response.indexOf(endOffsetC)); // Value of var c
                            Constants.COOKIE = "__test=" + encrypt(hexStringToByteArray(a), hexStringToByteArray(b), hexStringToByteArray(c)).toLowerCase() + "; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; // This is the "__test" cookie, e.g., "__test=8927389y1huwieqyue"
                        } else {
                            theServerDoesNotNeedTestCookie();
                        }
                    } catch (Exception e){
                        e.printStackTrace();
                        didntWork();
                    }
                },
                error -> doesNotWork()
        );
        mQueue.add(stringRequest);
    }

    // Despite its name, this method runs AES-CBC in DECRYPT_MODE:
    // it decrypts data (c) with key (a) and IV (b) and returns the result as hex.
    public String encrypt(byte[] key, byte[] initVector, byte[] data) {
        try {
            IvParameterSpec iv = new IvParameterSpec(initVector);
            SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, keySpec, iv);
            byte[] encrypted = cipher.doFinal(data);
            return bytesToHex(encrypted);
        } catch (Exception ex) {
            new Reporter(this, ex);
        }
        return null;
    }

    // Convert a byte array to an upper-case hex string
    public String bytesToHex(byte[] bytes) {
        final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();
        char[] hexChars = new char[bytes.length * 2];
        for (int j = 0; j < bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j * 2] = HEX_ARRAY[v >>> 4];
            hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
        }
        return new String(hexChars);
    }

    // Convert a hex string (two characters per byte) to a byte array
    public byte[] hexStringToByteArray(String s) {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                    + Character.digit(s.charAt(i+1), 16));
        }
        return data;
    }

This works for byethost.

itsyourap