hub / github.com/ticarpi/jwt_tool / reflectedClaims

Function reflectedClaims

jwt_tool.py:1683–1692

Source from the content-addressed store, hash-verified

# nextVal = valLst.readline()

def reflectedClaims():
    # Per-run marker: "jwt_inject_" + MD5 hex of the current timestamp + "_".
    # MD5 only derives a recognisable string here; it is not a security control.
    checkVal = "jwt_inject_"+hashlib.md5(datetime.now().strftime('%Y-%m-%d %H:%M:%S').encode()).hexdigest()+"_"
    for claim in paylDict:
        # Replace one claim at a time with the marker, keeping the original value.
        tmpValue = paylDict[claim]
        paylDict[claim] = checkVal+claim
        # Re-encode header and modified payload as unpadded base64url; the unchanged sig is appended below.
        tmpContents = base64.urlsafe_b64encode(json.dumps(headDict,separators=(",",":")).encode()).decode('UTF-8').strip("=")+"."+base64.urlsafe_b64encode(json.dumps(paylDict,separators=(",",":")).encode()).decode('UTF-8').strip("=")
        jwtOut(tmpContents+"."+sig, "Claim processing check in "+claim+" claim", "Token sent to check if the signature is checked before the "+claim+" claim is processed")
        # Report the claim if the marker appears in config['argvals']['rescontent'].
        if checkVal+claim in config['argvals']['rescontent']:
            cprintc("Injected value in "+claim+" claim was observed - "+checkVal+claim, "red")
        # Restore the original claim value before testing the next claim.
        paylDict[claim] = tmpValue


def preScan():

Callers 1

scanModePlaybook · Function · 0.85

Calls 2

jwtOut · Function · 0.85
cprintc · Function · 0.85

Tested by

no test coverage detected