#!/usr/bin/env python3
"""
Analyze session handling more carefully
"""

import requests
import urllib3
import base64
urllib3.disable_warnings()

BASE_URL = "https://vulnerability-research-dbfd88d4dab49dc2.chals.uoftctf.org"

# Make request and get session cookie
response = requests.get(BASE_URL + "/welcome/default/index", verify=False)

print("Cookies received:")
for cookie in response.cookies:
    print(f"  {cookie.name} = {cookie.value[:100]}")
    
    # Try to decode if it looks like base64
    try:
        if len(cookie.value) > 20:
            decoded = base64.b64decode(cookie.value)
            print(f"    Decoded (base64): {decoded[:200]}")
    except:
        pass

# Check if session is in cookie vs server-side
print("\n[*] Checking session storage type...")

# Make two requests with same session cookie
r1 = requests.get(BASE_URL + "/welcome/default/index", verify=False)
session_cookie = r1.cookies.get('session_id_welcome')

if session_cookie:
    print(f"[+] Session ID cookie: {session_cookie}")
    print("[+] This is server-side session storage")
else:
    print("[-] No session_id cookie - checking for session_data...")
    session_data = r1.cookies.get('session_data_welcome')
    if session_data:
        print(f"[+] Session DATA cookie found! Length: {len(session_data)}")
        print("[!!!] This uses cookie-based sessions - might be vulnerable to pickle!")

print("\n[*] Session cookies:", dict(r1.cookies))