hub / github.com/ticarpi/jwt_tool / scanModeCommonClaims

Function scanModeCommonClaims

jwt_tool.py:1572–1592  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

1570 cprintc("Scanning mode completed: review the above results.\n", "magenta")
1571
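def scanModeCommonClaims():
    """Run the "Common Claim Injection" scan and print its start/end banners.

    Three passes, in this order:

    1. Every entry of the ``config['input']['commonHeaders']`` wordlist is
       handed to ``injectExternalInteractionHeader`` together with the
       configured listener URL plus ``/inject_common_``.
    2. Every entry of the ``config['input']['commonPayloads']`` wordlist is
       handed to ``injectExternalInteractionPayload`` the same way.
    3. ``injectCommonClaims`` is called once per probe value: ``None``,
       ``True``, ``False``, ``"jwt_tool"`` and ``0``.

    Blank (or whitespace-only) wordlist lines are skipped. The previous
    readline()/while form treated the first blank line as end-of-file, so
    every entry after it was silently left out and the run still reported
    completion; coverage of the scan then depended on wordlist formatting.

    Takes no arguments and returns None. Errors from ``open`` or from a
    missing config key are not caught here and propagate to the caller.
    """
    cprintc("\nLAUNCHING SCAN: Common Claim Injection", "magenta")

    # Inject external URLs into common claims.
    # NOTE(review): the listener URL is used exactly as configured; presumably
    # it is checked for being set before scanning starts - confirm, because an
    # empty value would make the injected string just "/inject_common_".
    # NOTE(review): errors='ignore' drops undecodable bytes without any
    # message, so a wordlist entry containing them is used in altered form.
    with open(config['input']['commonHeaders'], "r", encoding='utf-8', errors='ignore') as commonHeaders:
        for rawLine in commonHeaders:
            headerName = rawLine.rstrip()
            if not headerName:
                # Skip empty entries instead of ending the pass early.
                continue
            injectExternalInteractionHeader(config['services']['httplistener']+"/inject_common_", headerName)

    with open(config['input']['commonPayloads'], "r", encoding='utf-8', errors='ignore') as commonPayloads:
        for rawLine in commonPayloads:
            payloadName = rawLine.rstrip()
            if not payloadName:
                # Skip empty entries instead of ending the pass early.
                continue
            injectExternalInteractionPayload(config['services']['httplistener']+"/inject_common_", payloadName)

    # Inject values of differing types into common claims: null, both
    # booleans, a string and an integer, in the same order as before.
    for contentVal in (None, True, False, "jwt_tool", 0):
        injectCommonClaims(contentVal)

    cprintc("Scanning mode completed: review the above results.\n", "magenta")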
1593
1594def injectCommonClaims(contentVal):
1595 with open(config['input']['commonHeaders'], "r", encoding='utf-8', errors='ignore') as commonHeaders:

Callers 1

runScanningFunction · 0.85

Calls 4

cprintcFunction · 0.85
injectCommonClaimsFunction · 0.85

Tested by

no test coverage detected