Secure-Cookie-Faker
security tool to encode/decode Golang web-frameworks' client-side session cookie which use gorilla/securecookie or gorilla/sessions, such as Gin, Echo or Iris
Stats
top stars Go web-frameworks' using of gorilla/securecookie or gorilla/sessions
(stars count comes from go-web-framework-stars)
and many personal application using them as a basic web application toolkit link
Usage
you can build from source code or download binaries from releases page
Secure Cookie Faker v0.1
Usage: faker [enc/dec] [-n cookie_name] [-k secret_key] [-o object_string / -c cookie_string]
Mode:
dec
decode mode, cookie => object
enc
encode mode, object => cookie
Options:
--help show help
-k string
secret keys, string like "key" or multiple keys like "key1, key2, key3"
-n string
the cookie name
-o string
object to be encoded, string like "{key1[type]: value1[type], key2[type]: value2[type]}"
type hint could be `int`, `float`, `bool`, `string`, `byte`
when type is `string`, it could be omitted. like this {str1: str2}
if mode is encode, this param is required
-c string
cookie to be decoded
if mode is decode, this param is required
-way string
serialize way: gob | json | nop(default "gob")
Example
choosing a mode is required: enc or dec
decode cookie
$ ./faker dec -c "MTU2MTE4NjQzNHxFXy1CQkFFQkEwOWlhZ0hfZ2dBQkVBRVFBQUJUXzRJQUF3WnpkSEpwYm1jTUJnQUVkWE5sY2daemRISnBibWNNQndBRllXUnRhVzRHYzNSeWFXNW5EQVFBQW1sa0EybHVkQVFDQUFBR2MzUnlhVzVuREFjQUJYQnZhVzUwQTJsdWRBUUZBUDBERFQ0PXwKR14WwPjXeUBZlZ0sKcEfRu-n7_va9drjsFaIEVahmA=="
-c
: cookie to be decoded
encode object
$ ./faker enc -n "mysession" -k "secret" -o "{user: admin, id: 0[int]}"
-o
: object string,its like a K-V map, it should have type hints
-n
: cookie name, its required because the HMAC hash's generation relies on it
-k
: secret key(s), could be multiple: -k "key1, key2"
, the first is hash key, and the second is encrypt block key
when element's type is string
, the type tag can be omitted
type tag can only be int
, uint
, float
, bool
, string
, byte
change serializer
$ ./faker enc -n "mysession" -k "secret" -o "some-string" -way json
$ ./faker enc -n "mysession" -k "secret" -o "{id: 0[int]}" -way json
$ ./faker enc -n "mysession" -k "secret" -o "some-string" -way nop
$ ./faker dec -c "MTU2NjkxMjI4NXxleUoxYzJWeUlqb2lZV1J0YVc0aWZRbz18OibftwH33BZStXtep7TbN_mbyk8RftQe9t_wxCJXhHo=" -way json