The document discusses detecting and decrypting an encrypted cookie value. It notes the cookie appears to be URI-encoded and base64-encoded. Decrypting the cookie reveals a repeating pattern indicating encryption with ECB cipher and 8-byte block size. By modifying the username and removing the first 8 bytes, a new encoded cookie value can be generated.

2. Web Page

5. Register form page

6. Open Burp Suite and Intercept is on
Key username password and click Register

7. You don’t have admin privilrged.

8. Test script format session injection
edit parameter %2500 to %00

14. If we look at the cookie, we can see that it seems uri-encoded and base64-encoded:

15. The 2 equals sign encoded as %3d%3d are a good indicator of base64-encoded string.
base64decode

17. can see that part of the decrypted values look really similar.

18. If we decode this value, we get the following value:

19. x1aLxd23kxcax1dxd7
Based on the size of the pattern, we can infer that the ECB encryption uses a block size of 8 bytes.

20. aaaaaaaaadmin

22. can see the pattern x1aLxd23kxcax1dxd7detected previously with the username that
contained 20 a.
can then remove the first 8 bytes of information and reencode our payload to get a new
cookie:
x1aLxd23kxcax1dxd7 x982x10oxc6pqxe4xdcxde9xc5xa2x87/xc6

23. encode by python2.7