Skip to content

Instantly share code, notes, and snippets.

@slmcmahon
Last active September 8, 2019 22:55
Show Gist options
  • Save slmcmahon/ee12bc22937ef825e1dce353df099d9f to your computer and use it in GitHub Desktop.
Save slmcmahon/ee12bc22937ef825e1dce353df099d9f to your computer and use it in GitHub Desktop.
Script to decode JWT from paste buffer.
#!/bin/bash
# Dependencies:
# JQ: https://stedolan.github.io/jq/download/
# if Linux, you'll need xclip: sudo apt install xclip.
# if OSX, then pbpaste is already there.
# To use this tool, just save it on your system and make
# it executable. Then, if you have copied a base64 encoded
# JWT, then you can simply execute this from a command prompt
# and it will decode the token and dump the JSON to your
# terminal window.
if [[ "$OSTYPE" == "linux-gnu" ]]; then
PASTECMD="xclip -o"
elif [[ "$OSTYPE" == "darwin"* ]]; then
PASTECMD="pbpaste"
else
# following the above pattern, you should easily be able
# to add an option for your OS
echo "OS not supported."
exit 0
fi
# Get the name of the paste executable, without any arguments
PASTERPATH=$(echo $PASTECMD | cut -d' ' -f1)
# Check to see if it is installed. Otherwise exit.
if [[ -z "$(which $PASTERPATH)" ]]; then
echo "$PASTERPATH is not installed on this system."
exit 0
fi
# Check to see if JQ is installed. Otherwise exit.
if [[ -z "$(which jq)" ]]; then
echo "JQ is not installed on this system."
exit 0
fi
# Execute the paste command to grab the token from the paste buffer
TOKEN=$($PASTECMD)
# Make a reasonable effort to determine if what is in the paste buffer actuall IS
# a token. This will check for something that starts with at least two unbroken
# strings of characters that are at least 30 characters long and separated by a
# '.' character. It is not perfect, but not likely to fail often enough to warrant
# more effort.
if [[ ! $TOKEN =~ ^[A-Za-z0-9_-]{30,}\.[A-Za-z0-9_-]{30,}.*$ ]]; then
echo "Your paste buffer does not appear to contain a valid token."
exit 0
fi
# there are probably 2 parts of the token that we want to see, so we setup to
# look at both of them.
for IDX in 1 2
do
echo
# split the contents of the paste buffer on the '.' and get the part
# identified by the current value of $IDX. Not sure why, but the final
# "} is always removed from these token parts after docoding, so that
# last bit just puts it back
TKN="$(echo $TOKEN | cut -d'.' -f$IDX | base64 --decode 2>/dev/null)\"}"
echo "Part $IDX"
jq '.' <<< $TKN
done
echo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment