
Page 1 of 3

YouTube session collision? – 21 Posts

  • YouTube session collision?

    06/17/2006 13:05
    quangntenemy's Avatar quangntenemy 7120
    A few days ago I created an account at www.youtube.com and logged in.
    After watching some animes I closed the browser without logging out.
    Today I visited that page again and found myself logged in as another user.

    Maybe my session has expired and when that user logged in he got assigned the same session?
    Keep doing this everyday and maybe someday I'll be logged in as the admin? :D
  • 06/17/2006 13:05
    kapax's Avatar kapax 720
    That's very interesting. I will try to register there too :D
  • 06/17/2006 13:05
    kapax's Avatar kapax 720
    btw, does anybody know how to download videos from youtube.com straight to computer?
    I had found a way to do it some time ago, but recently they have changed the construction of their program and now I cannot do it anymore.

    btw, I am wondering how it can be that, for example, if I watch a video in Firefox, then turn it off and later turn it on again, the video is already loaded and doesn't need to be downloaded again? It seems like browsers can cache the video but sadly, I haven't found where they are caching it :noclue:
  • 06/17/2006 13:05
    BaRa's Avatar BaRa 2950
    In your browser cache!?
  • 06/17/2006 13:05
    Grivier's Avatar Grivier 2240
    Google for youtube movie downloader...
    and don't download the extension for ff, but use the site
    Grivier
  • 06/17/2006 13:05
    r0d's Avatar r0d 210
    What u can do is use this site http://javimoya.com/blog/youtube_en.php and enter the link to the video.
    It then gives u a link to download. Later u will need a FLV player to play the videos. I use FLVPlayer.

    see ya

    ps: found a ff extension too, but didn't try it yet.
  • 06/17/2006 13:05
    quangntenemy's Avatar quangntenemy 7120
    Or you can just decompile the flash and get the link from there :P
  • 06/17/2006 13:05
    r0d's Avatar r0d 210
    quangntenemy, heeh, you sure like to suffer :nick:
  • 06/17/2006 13:05
    kapax's Avatar kapax 720
    I have tried to decompile, and it was working for me. But now, when they changed the system, all directories are forbidden :-)
  • 06/17/2006 13:05
    sniperkid's Avatar sniperkid 5440
    maybe a scanner would reveal some interesting information :P ?
  • 06/17/2006 13:05
    UnknownUser's Avatar UnknownUser 2,7290
    I suggest you record them from your monitor with your webcam :D
  • 06/17/2006 13:05
    weasel's Avatar weasel 90
    I use the livehttpheaders extension for firefox to look for the real location of the video.
  • 06/17/2006 13:05
    UnknownUser's Avatar UnknownUser 2,7290
    there are ff extensions that download flash movies
    there are websites like keepvid.com

    session collision to me sounds hard to believe, it could be a one in a million fluke ..
  • 06/17/2006 13:05
    N1Ck37's Avatar N1Ck37 190
    I don't know how many users YouTube has exactly, but I guess that it doesn't take too much time for them to get a million logins.... :P
  • 06/17/2006 13:05
    UnknownUser's Avatar UnknownUser 2,7290
    session numbers are typically 128bits ... meaning even if everybody on the planet logged in 10 times a day
    it would still 5*10E27

    now this is what the youtube cookie looks like

    Cookie: VISITOR_INFO1_LIVE=AoiTcQrjxSk; use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; user_omniture=3756d44ab2f6fdee26892cc5805390c2dAEAAAAw; GEO=0c471c12cce542a30221900da0a67ea0cxYAAABCRSx2YW4sbWVjaGVsZW4sLCwsLC0x; LOGIN_INFO=5294f2f2fb5cf32793997ac072c6fba6e3QgAAAAbV91c2VyX2lkX0FORF9zZXNzaW9uX251bWJlcl9tZDVzIAAAAGQzMjdlNmUzMGVjODBmMTBkYTJhY2E4NjE0MDAwYWZhdAkAAABtX3VzZXJfaWRsAgAAAFBccQgw

    feel free to analyse that but it would surprise me if there is less than 64bit possible settings
  • 06/17/2006 13:05
    quangntenemy's Avatar quangntenemy 7120
    Although it's hard to believe, the session collision happened to me again a few days ago :D

    However, this time, the session seemed to have expired. When I clicked on any link, I got back to my account.
    So maybe this has something to do with YouTube caching mechanism (there is one, haven't you noticed? :P)

    PS: No, I haven't given up on using Linux - it's just that my work comp still runs Winblowz
  • 06/17/2006 13:05
    HvT's Avatar HvT 20
    This happens more often than you think, I and a lot of people I know have had it on several occasions :-o
  • 06/17/2006 13:05
    Doula's Avatar Doula 690
    i already had this problem...
  • 06/17/2006 13:05
    Ape's Avatar Ape 150
    Not SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot SpecifiedNot Specified
    I'm decompiling the LOGIN_INFO cookie..<br><br>Originaly it's: bb04346ad5d28bc38c6a3957ddc4bf0ae3QgAAAAbV91c2VyX2lkX0FORF9zZXNzaW9uX251bWJlcl9tZDVzIAAAADU4OTQ1ZDVhYmRmNjc5OWFlNjkwYjNjYjhmYTc3MjVmdAkAAABtX3VzZXJfaWRsAgAAACtbXA10FQAAAG1fYXV0aGVudGljYXRpb25fdHlwZXQIAAAAUEFTU1dPUkQw<br><br>When I base64 decode it: m½8ßwvñ·7ñΚßÞ{u×8mý{t &amp;#65533;&amp;#65533;&amp;#65533;m_user_id_AND_session_number_md5s &amp;#65533;&amp;#65533;&amp;#65533;58945d5abdf6799ae690b3cb8fa7725ft &amp;#65533;&amp;#65533;&amp;#65533;m_user_idl&amp;#65533;&amp;#65533;&amp;#65533;+[ t&amp;#65533;&amp;#65533;&amp;#65533;m_authentication_typet&amp;#65533;&amp;#65533;&amp;#65533;PASSWORD0<br><br>You can see there a few plain strings and a hash: m_user_id_AND_session_number_md5s , m_user_idl , m_authentication_typet , PASSWORD0 , 58945d5abdf6799ae690b3cb8fa7725ft<br><br>&amp;#65533;&amp;#65533;&amp;#65533; is probably a seperator..<br><br>The hash is 33 chars long so it's not md5, but as you can see one of the plain strings says \"md5\". Why? <br><br>And what is that thing on the beginning: m½8ßwvñ·7ñΚßÞ{u×8mý{t<br><br>EDIT:<br>I did get some differend LOGIN_INFOs with the same and with other accounts. The hash always ends with a \"t\". So we could try to remove it..<br><br>Also I can give you a more clear list of variables in that cookie:<br>null = \"m½8ßwvñ·7ñΚßÞ{u×8mý\" (changes in a session change)<br>m_user_id_AND_session_number_md5s = \"58945d5abdf6799ae690b3cb8fa7725f\" (changes in a session change, 32 chars long, md5[?])<br>m_user_idl = \"+[\" (changes in a account change, always same for the same account, 3 chars long)<br>m_authentication_typet = \"PASSWORD0\" (always the same)<br><br>EDIT2: milw0rm cracker didn't find any plain text from any of the hashes..
  • 06/17/2006 13:05
    UnknownUser's Avatar UnknownUser 2,7290
    Quote from Ape:
    > I'm decompiling the LOGIN_INFO cookie..
    > EDIT2: milw0rm cracker didn't find any plain text from any of the hashes..

    and you are at all surprised at this? Session id usually is an md5 hash of a bunch of data, time, random, userdata,...
  • 06/17/2006 13:05
    Ape's Avatar Ape 150
    I just try to say that the session hash is only an md5.. Only 128 bits. There are lots of trash in the cookie..
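
Added example (not part of any post in this thread): a Python sketch that parses the LOGIN_INFO value Ape quotes above by treating it as 32 hex characters followed by a base64 payload of tag, 4-byte little-endian length and value records. Reading the stray t/s/l/0 letters as type tags, a layout consistent with a Python 2 marshal dictionary, is an assumption made here, and the function names are hypothetical.

```python
import base64
import struct

# LOGIN_INFO value copied from Ape's post in this thread.
LOGIN_INFO = (
    "bb04346ad5d28bc38c6a3957ddc4bf0a"
    "e3QgAAAAbV91c2VyX2lkX0FORF9zZXNzaW9uX251bWJlcl9tZDVzIAAAADU4OTQ1ZDVh"
    "YmRmNjc5OWFlNjkwYjNjYjhmYTc3MjVmdAkAAABtX3VzZXJfaWRsAgAAACtbXA10FQAA"
    "AG1fYXV0aGVudGljYXRpb25fdHlwZXQIAAAAUEFTU1dPUkQw"
)

def split_cookie(value):
    """Return (hex_prefix, payload_bytes): 32 hex chars, then base64."""
    prefix, b64 = value[:32], value[32:]
    int(prefix, 16)  # raises ValueError if the prefix is not hex
    return prefix, base64.b64decode(b64, validate=True)

def parse_value(buf, pos):
    """Decode one tagged value at buf[pos]; return (value, next_pos)."""
    tag = buf[pos:pos + 1]
    pos += 1
    if tag in (b"t", b"s"):  # assumed string tags: u32 length, then bytes
        (n,) = struct.unpack_from("<I", buf, pos)
        end = pos + 4 + n
        if end > len(buf):
            raise ValueError("string runs past end of payload")
        return buf[pos + 4:end].decode("latin-1"), end
    if tag == b"l":  # assumed long tag: i32 digit count, 15-bit digits
        (n,) = struct.unpack_from("<i", buf, pos)
        digits = struct.unpack_from("<%dH" % abs(n), buf, pos + 4)
        mag = sum(d << (15 * i) for i, d in enumerate(digits))
        return (-mag if n < 0 else mag), pos + 4 + 2 * abs(n)
    raise ValueError("unknown tag %r at offset %d" % (tag, pos - 1))

def parse_login_info(value):
    """Return (hex_prefix, {field_name: value}) for a LOGIN_INFO string."""
    prefix, buf = split_cookie(value)
    if buf[:1] != b"{":
        raise ValueError("payload does not start with a dict tag")
    pos, fields = 1, {}
    while buf[pos:pos + 1] != b"0":  # '0' is taken as the end-of-dict marker
        key, pos = parse_value(buf, pos)
        fields[key], pos = parse_value(buf, pos)
    return prefix, fields

if __name__ == "__main__":
    print(parse_login_info(LOGIN_INFO))
```

Under this reading the session field is exactly 32 hex characters and the user id is an integer; what the 32-character hex prefix represents is not established in the thread.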
