| 203 | return cookiestring |
| 204 | |
| 205 | def jwtOut(token, fromMod, desc=""): |
| 206 | genTime = datetime.now().strftime('%Y-%m-%d %H:%M:%S') |
| 207 | idFrag = genTime+str(token) |
| 208 | logID = "jwttool_"+hashlib.md5(idFrag.encode()).hexdigest() |
| 209 | if config['argvals']['targetUrl'] != "": |
| 210 | curTargetUrl = config['argvals']['targetUrl'] |
| 211 | p = re.compile(r'eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*') |
| 212 | |
| 213 | if config['argvals']['headerloc'] == "cookies": |
| 214 | cookietoken = p.subn(token, config['argvals']['cookies'], 0) |
| 215 | else: |
| 216 | cookietoken = [config['argvals']['cookies'],0] |
| 217 | |
| 218 | if config['argvals']['headerloc'] == "headers": |
| 219 | headertoken = [[],0] |
| 220 | for eachHeader in args.headers: |
| 221 | try: |
| 222 | headerSub = p.subn(token, eachHeader, 0) |
| 223 | headertoken[0].append(headerSub[0]) |
| 224 | if headerSub[1] == 1: |
| 225 | headertoken[1] = 1 |
| 226 | except: |
| 227 | pass |
| 228 | else: |
| 229 | headertoken = [[],0] |
| 230 | if args.headers: |
| 231 | for eachHeader in args.headers: |
| 232 | headertoken[0].append(eachHeader) |
| 233 | |
| 234 | if config['argvals']['headerloc'] == "postdata": |
| 235 | posttoken = p.subn(token, config['argvals']['postdata'], 0) |
| 236 | else: |
| 237 | posttoken = [config['argvals']['postdata'],0] |
| 238 | |
| 239 | |
| 240 | try: |
| 241 | cookiedict = parse_dict_cookies(cookietoken[0]) |
| 242 | except: |
| 243 | cookiedict = {} |
| 244 | |
| 245 | |
| 246 | |
| 247 | # Check if token was included in substitution |
| 248 | if cookietoken[1] == 1 or headertoken[1] == 1 or posttoken[1]: |
| 249 | resData = sendToken(token, cookiedict, logID, headertoken[0], posttoken[0]) |
| 250 | else: |
| 251 | if config['argvals']['overridesub'] == "true": |
| 252 | resData = sendToken(token, cookiedict, logID, headertoken[0], posttoken[0]) |
| 253 | else: |
| 254 | cprintc("[-] No substitution occurred - check that a token is included in a cookie/header in the request", "red") |
| 255 | # cprintc(headertoken, cookietoken, "cyan") |
| 256 | exit(1) |
| 257 | if config['argvals']['canaryvalue']: |
| 258 | if config['argvals']['canaryvalue'] in str(resData[2]): |
| 259 | cprintc("[+] FOUND \""+config['argvals']['canaryvalue']+"\" in response:\n"+logID + " " + fromMod + " Response Code: " + str(resData[0]) + ", " + str(resData[1]) + " bytes", "green") |
| 260 | else: |
| 261 | cprintc(logID + " " + fromMod + " Response Code: " + str(resData[0]) + ", " + str(resData[1]) + " bytes", "cyan") |
| 262 | else: |