A few days ago I created an account at www.youtube.com and logged in.<br>After watching some animes I closed the browser without logging out.<br>Today I visited that page again I found myself being logged in as another user<br><br>Maybe my session has expired and when that user logged in he got assigned the same session?<br>Keep doing this everyday and maybe someday I'll be logged in as the admin? <img alt="\":D\"" src="%5C">
btw, does anybody know how to download videos from youtube.com straight to computer?<br>i have had found a way how to do it some time ago, but recently they have changed the construction of their program and now i cannot do it anymore.<br><br>btw, i am wondering how can it be that for example, if i saw video on firefox, then turn it off and later turn it on again, video is already loaded and doesnt need to be downloaded again? it seems like browsers can cache the video but sadly, i havent found, where are they caching it <img alt="\":noclue:\"" src="%5C">
What u can do is use this site http://javimoya.com/blog/youtube_en.php and enter the link to the video. <br>It then gives u a link to download. Later u will need a FLV player to play the videos. I use FLVPlayer.<br><br>see ya<br><br>ps: found a ff extension too, but didn't try it yet.
i have tried to decompile, and it was working for me. but now, when they changed the system, all directories are forbidden <img alt="\":-)\"" src="%5C">
there are ff extentions that download flash movies<br>there are websites like keepvid.com<br><br>session collision to me sounds hard to believe, it could be a one in a milliion fluke ..<br><br>
I don't know how many users youTube has exactly, but I guess that it doesn't take too much time for them tho get a million logins....<img alt="\":P\"" src="%5C">
session numbers are typically 128bits ... meaning even if everybody on the planet logged in 10 times a day<br>it would still 5*10E27<br><br>now this is what the youtube cookie looks like<br><pre>
Cookie: VISITOR_INFO1_LIVE=AoiTcQrjxSk; use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw;
user_omniture=3756d44ab2f6fdee26892cc5805390c2dAEAAAAw; GEO=0c471c12cce542a30221900da0a67ea0cxYAAABCRSx2YW4sbWVjaGVsZW4sLCwsLC0x;
LOGIN_INFO=5294f2f2fb5cf32793997ac072c6fba6e3QgAAAAbV91c2VyX2lkX0FORF9zZXNzaW9uX251bWJlcl9tZDVzIAAAAGQzMjdlNmUzMGVjODBmMTBkYTJhY2E4NjE0MDAwYWZhdAkAAABtX3VzZXJfaWRsAgAAAFBccQgw
</pre><br><br>feel free to analyse that but it would suprise me if there is less than 64bit possible settings
Although it's hard to believe, the session collision happened to me again a few days ago <img alt="\":D\"" src="%5C"><br><br><br>However, this time, the session seemed to have expired. When I clicked on any link, I got back to my account.<br>So maybe this has something to do with YouTube caching mechanism (there is one, haven't you noticed? <img alt="\":P\"" src="%5C">)<br><br>PS: No, I haven't given up on using Linux - it's just that my work comp still runs Winblowz
I'm decompiling the LOGIN_INFO cookie..<br><br>Originaly it's: bb04346ad5d28bc38c6a3957ddc4bf0ae3QgAAAAbV91c2VyX2lkX0FORF9zZXNzaW9uX251bWJlcl9tZDVzIAAAADU4OTQ1ZDVhYmRmNjc5OWFlNjkwYjNjYjhmYTc3MjVmdAkAAABtX3VzZXJfaWRsAgAAACtbXA10FQAAAG1fYXV0aGVudGljYXRpb25fdHlwZXQIAAAAUEFTU1dPUkQw<br><br>When I base64 decode it: m½8ßwvñ·7ñΚßÞ{u×8mý{t &#65533;&#65533;&#65533;m_user_id_AND_session_number_md5s &#65533;&#65533;&#65533;58945d5abdf6799ae690b3cb8fa7725ft &#65533;&#65533;&#65533;m_user_idl&#65533;&#65533;&#65533;+[ t&#65533;&#65533;&#65533;m_authentication_typet&#65533;&#65533;&#65533;PASSWORD0<br><br>You can see there a few plain strings and a hash: m_user_id_AND_session_number_md5s , m_user_idl , m_authentication_typet , PASSWORD0 , 58945d5abdf6799ae690b3cb8fa7725ft<br><br>&#65533;&#65533;&#65533; is probably a seperator..<br><br>The hash is 33 chars long so it's not md5, but as you can see one of the plain strings says \"md5\". Why? <br><br>And what is that thing on the beginning: m½8ßwvñ·7ñΚßÞ{u×8mý{t<br><br>EDIT:<br>I did get some differend LOGIN_INFOs with the same and with other accounts. The hash always ends with a \"t\". So we could try to remove it..<br><br>Also I can give you a more clear list of variables in that cookie:<br>null = \"m½8ßwvñ·7ñΚßÞ{u×8mý\" (changes in a session change)<br>m_user_id_AND_session_number_md5s = \"58945d5abdf6799ae690b3cb8fa7725f\" (changes in a session change, 32 chars long, md5[?])<br>m_user_idl = \"+[\" (changes in a account change, always same for the same account, 3 chars long)<br>m_authentication_typet = \"PASSWORD0\" (always the same)<br><br>EDIT2: milw0rm cracker didn't find any plain text from any of the hashes..
<div class="\"tbscode_standard_quote_headline\""><img alt="\"Quote\"" src="%5C">Quote from <a href="%5C">Ape</a>:</div><div class="\"tbscode_standard_quote\"">I'm decompiling the LOGIN_INFO cookie..<br>EDIT2: milw0rm cracker didn't find any plain text from any of the hashes..</div><br><br>and you are at all suprised at this? Session id usually is an md5 hash of a bunch of data, time, random,userdata,...<br>