i was doing some security auditing using SSLSTRIP and the client had their password

Question

0

Asked: May 25, 20262026-05-25T02:06:02+00:00 2026-05-25T02:06:02+00:00

i was doing some security auditing using SSLSTRIP and the client had their password

0

i was doing some security auditing using SSLSTRIP and the client had their password saved in a cookie, which got me thinking. So I on my account logged into YouTube and grabbed the LOGIN INFO cookie. For the benefit of my privacy i have censored part of the contents, just know that * represents one censored number. This was the contents:
decee*****d0200a8c3f**f1bd2dea**c40AAAB7IjEiOiAxLCAiMyI*IDY0MDYzMjY0MywgIjIiOiAiSjVRRFdmUDR5ZFA1VjZZZHVvNUlldz**IiwgIjUiOiA*NTAzNjAxNzY2NDY1NTM2LCAiNCI6ICJHQUlBIiwgIjciOiAxMzE0ODM1MjI5LCAiNiI6IGZhbHNlLCAiOCI6IDI5NzEwMTU4Njg1N**
I was wondering what type of hash this is, and if it is possible to decrypt? Just some plain old curiosity here, thanks for any replies or thoughts!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-25T02:06:02+00:00

Editorial Team

2026-05-25T02:06:02+00:00Added an answer on May 25, 2026 at 2:06 am

Youtube does not store user credentials in a cookie, that “hash” is probably just a random string used as session id, so there is no way you could “decrypt” the username/password from that string.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

i was doing some security auditing using SSLSTRIP and the client had their password

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply