Cookie generated by javascript?

Question

I'm trying to run curl on this domain:

curl 'http://www.zone-h.org/'

When I try to run that command by itself, it doesn't get the page's content like I'm wanting it to do.

When I run curl like this, it does work correctly:

curl 'http://www.zone-h.org/archive' -H 'Cookie: ZH=9ad2c41c5fe02ef34a30a22c1902b4bf'

This works on my local desktop because I was able to visit the website in my browser and get the cookie string. However, I'm trying to run this on my VPS and it isn't working correctly. I'm guessing this is because my IP is different or something like that.

I'm not exactly sure what's causing this, but I think it's the file here:

http://www.zone-h.org/z.js

How can I find out what I should set the cookie to on my VPS so I can run this command there? Is there a way to figure out how the cookie string is being generated or to get the correct cookie for my VPS?

Answer 1

First, the javascript that sets the cookie is actually in the initial body you get for the main URL. The z.js file provides a bunch of javascript helper functions though that gets called by the main javascript code.

The key logic to learn is this piece (I split the line to look better here):

document.cookie="ZH="+toHex(slowAES.decrypt(c,2,a,b))+
"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";

See? It makes a cookie with AES-decrypted contents using input from the a, b, and c variables it set in the original body. You can probably write your own logic in another language to mimic that, if you really want to.

But also see that it sets an expiry date for 2037 for this ZH cookie. You can therefore probably re-use the cookie you have for many years to come without even having to calculate a new one (unless it runs this script again).