hacktricks icon indicating copy to clipboard operation
hacktricks copied to clipboard

Published 20 hours ago verified publisher icon HackTricks-wiki

URL-encode base64 encoded hash

Open juergenhoetzel opened this issue 2 years ago • 1 comments

Base64 strings can contain "+", "=" and "/" characters.

Also use PHP for hash generation (like the showcased symfony code).

juergenhoetzel avatar Aug 02 '22 11:08 juergenhoetzel 

$ grep ^APP_SECRET .env 
APP_SECRET=2d196390accfb409bd1091203a572531
$ python3 -c "import base64, hmac, hashlib; print(base64.b64encode(hmac.HMAC(b'2d196390accfb409bd1091203a572531', b'http://localhost:8000/_fragment', hashlib.sha256).digest()))"
b'aluwOeeQHfCCQvO8IpQBah0UwshTEzLVYE4T+uJYi3c='

The existing code did not work for my APP_SECRET because of the special char + in the Base64 encoding.

juergenhoetzel avatar Aug 02 '22 11:08 juergenhoetzel

thanks!

carlospolop avatar Sep 01 '22 23:09 carlospolop