()
| 1693 | |
| 1694 | |
| 1695 | def preScan(): |
| 1696 | cprintc("Running prescan checks...", "cyan") |
| 1697 | jwtOut(jwt, "Prescan: original token", "Prescan: original token") |
| 1698 | if config['argvals']['canaryvalue']: |
| 1699 | if config['argvals']['canaryvalue'] not in config['argvals']['rescontent']: |
| 1700 | cprintc("Canary value ("+config['argvals']['canaryvalue']+") was not found in base request - check that this token is valid and you are still logged in", "red") |
| 1701 | shallWeGoOn = input("Do you wish to continue anyway? (\"Y\" or \"N\")") |
| 1702 | if shallWeGoOn == "N": |
| 1703 | exit(1) |
| 1704 | elif shallWeGoOn == "n": |
| 1705 | exit(1) |
| 1706 | origResSize, origResCode = config['argvals']['ressize'], config['argvals']['rescode'] |
| 1707 | jwtOut("null", "Prescan: no token", "Prescan: no token") |
| 1708 | nullResSize, nullResCode = config['argvals']['ressize'], config['argvals']['rescode'] |
| 1709 | if config['argvals']['canaryvalue'] == "": |
| 1710 | if origResCode == nullResCode: |
| 1711 | cprintc("Valid and missing token requests return the same Status Code.\nYou should probably specify something from the page that identifies the user is logged-in (e.g. -cv \"Welcome back, ticarpi!\")", "red") |
| 1712 | shallWeGoOn = input("Do you wish to continue anyway? (\"Y\" or \"N\")") |
| 1713 | if shallWeGoOn == "N": |
| 1714 | exit(1) |
| 1715 | elif shallWeGoOn == "n": |
| 1716 | exit(1) |
| 1717 | jwtTweak = contents.decode()+"."+sig[:-4] |
| 1718 | jwtOut(jwtTweak, "Prescan: Broken signature", "This token was sent to check if the signature is being checked") |
| 1719 | jwtOut(jwt, "Prescan: repeat original token", "Prescan: repeat original token") |
| 1720 | if origResCode != config['argvals']['rescode']: |
| 1721 | cprintc("Original token not working after invalid submission. Testing will need to be done manually, re-authenticating after each invalid submission", "red") |
| 1722 | exit(1) |
| 1723 | |
| 1724 | |
| 1725 | def runScanning(): |
no test coverage detected