Function preScan

jwt_tool.py:1695–1722, from github.com/ticarpi/jwt_tool

def preScan():
    cprintc("Running prescan checks...", "cyan")
    # Baseline: send the original token and record how the target responds.
    jwtOut(jwt, "Prescan: original token", "Prescan: original token")
    # If a canary string (-cv) was given, confirm it appears in the baseline
    # response; if not, the token probably is not being accepted as logged-in.
    if config['argvals']['canaryvalue']:
        if config['argvals']['canaryvalue'] not in config['argvals']['rescontent']:
            cprintc("Canary value ("+config['argvals']['canaryvalue']+") was not found in base request - check that this token is valid and you are still logged in", "red")
            shallWeGoOn = input("Do you wish to continue anyway? (\"Y\" or \"N\")")
            if shallWeGoOn == "N":
                exit(1)
            elif shallWeGoOn == "n":
                exit(1)
    origResSize, origResCode = config['argvals']['ressize'], config['argvals']['rescode']
    # Send the request with no token at all to see whether the absence is
    # even distinguishable from the valid case.
    jwtOut("null", "Prescan: no token", "Prescan: no token")
    nullResSize, nullResCode = config['argvals']['ressize'], config['argvals']['rescode']
    # Without a canary, an identical status code for valid and missing tokens
    # means later results cannot be interpreted reliably.
    if config['argvals']['canaryvalue'] == "":
        if origResCode == nullResCode:
            cprintc("Valid and missing token requests return the same Status Code.\nYou should probably specify something from the page that identifies the user is logged-in (e.g. -cv \"Welcome back, ticarpi!\")", "red")
            shallWeGoOn = input("Do you wish to continue anyway? (\"Y\" or \"N\")")
            if shallWeGoOn == "N":
                exit(1)
            elif shallWeGoOn == "n":
                exit(1)
    # Send the same header.payload with a truncated signature to learn whether
    # the target validates signatures at all.
    jwtTweak = contents.decode()+"."+sig[:-4]
    jwtOut(jwtTweak, "Prescan: Broken signature", "This token was sent to check if the signature is being checked")
    # Re-send the original token: if it no longer works, the target is
    # invalidating the session after a bad submission, so automated scanning
    # would only produce misleading results.
    jwtOut(jwt, "Prescan: repeat original token", "Prescan: repeat original token")
    if origResCode != config['argvals']['rescode']:
        cprintc("Original token not working after invalid submission. Testing will need to be done manually, re-authenticating after each invalid submission", "red")
        exit(1)

Callers (1)

    runScanning (function, confidence 0.85)

Calls (2)

    cprintc (function, confidence 0.85)
    jwtOut (function, confidence 0.85)

Tested by

    no test coverage detected