Skip to content
/ sessiongoat Public

A rails 4.1 app demonstrating impersonating a user with a leaked secret_key_base

2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mnipper/sessiongoat

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
app
app
 
 
bin
bin
 
 
config
config
 
 
db
db
 
 
lib
lib
 
 
log
log
 
 
public
public
 
 
test
test
 
 
vendor/assets
vendor/assets
 
 
.gitignore
.gitignore
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
README.rdoc
README.rdoc
 
 
Rakefile
Rakefile
 
 
config.ru
config.ru
 
 

Repository files navigation

Demonstrates impersonating a user with Rails 4.1 and devise when you have the secret_key_base and the hashed password of a user.

To run:

rails runner lib/impersonate.rb

Run rake db:setup before running the app. It creates a few users for your convenience.

About

A rails 4.1 app demonstrating impersonating a user with a leaked secret_key_base

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages