hub / github.com/ticarpi/jwt_tool / jwtOut

Function jwtOut

jwt_tool.py:205–282
(token, fromMod, desc="")

Source from the content-addressed store, hash-verified

    return cookiestring

def jwtOut(token, fromMod, desc=""):
    genTime = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    idFrag = genTime+str(token)
    logID = "jwttool_"+hashlib.md5(idFrag.encode()).hexdigest()
    if config['argvals']['targetUrl'] != "":
        curTargetUrl = config['argvals']['targetUrl']
        p = re.compile(r'eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*')

        if config['argvals']['headerloc'] == "cookies":
            cookietoken = p.subn(token, config['argvals']['cookies'], 0)
        else:
            cookietoken = [config['argvals']['cookies'],0]

        if config['argvals']['headerloc'] == "headers":
            headertoken = [[],0]
            for eachHeader in args.headers:
                try:
                    headerSub = p.subn(token, eachHeader, 0)
                    headertoken[0].append(headerSub[0])
                    if headerSub[1] == 1:
                        headertoken[1] = 1
                except:
                    pass
        else:
            headertoken = [[],0]
            if args.headers:
                for eachHeader in args.headers:
                    headertoken[0].append(eachHeader)

        if config['argvals']['headerloc'] == "postdata":
            posttoken = p.subn(token, config['argvals']['postdata'], 0)
        else:
            posttoken = [config['argvals']['postdata'],0]


        try:
            cookiedict = parse_dict_cookies(cookietoken[0])
        except:
            cookiedict = {}



        # Check if token was included in substitution
        if cookietoken[1] == 1 or headertoken[1] == 1 or posttoken[1]:
            resData = sendToken(token, cookiedict, logID, headertoken[0], posttoken[0])
        else:
            if config['argvals']['overridesub'] == "true":
                resData = sendToken(token, cookiedict, logID, headertoken[0], posttoken[0])
            else:
                cprintc("[-] No substitution occurred - check that a token is included in a cookie/header in the request", "red")
                # cprintc(headertoken, cookietoken, "cyan")
                exit(1)
        if config['argvals']['canaryvalue']:
            if config['argvals']['canaryvalue'] in str(resData[2]):
                cprintc("[+] FOUND \""+config['argvals']['canaryvalue']+"\" in response:\n"+logID + " " + fromMod + " Response Code: " + str(resData[0]) + ", " + str(resData[1]) + " bytes", "green")
            else:
                cprintc(logID + " " + fromMod + " Response Code: " + str(resData[0]) + ", " + str(resData[1]) + " bytes", "cyan")
        else:

Callers 13

tamperToken · Function · 0.85
signingToken · Function · 0.85
rejigToken · Function · 0.85
injectOut · Function · 0.85
scanModePlaybook · Function · 0.85
injectCommonClaims · Function · 0.85
injectEachHeader · Function · 0.85
injectEachPayload · Function · 0.85
reflectedClaims · Function · 0.85
preScan · Function · 0.85

Calls 4

parse_dict_cookies · Function · 0.85
sendToken · Function · 0.85
cprintc · Function · 0.85
setLog · Function · 0.85

Tested by

no test coverage detected