hub / github.com/ticarpi/jwt_tool / testKey

Function testKey

jwt_tool.py:680–705  ·  view source on GitHub ↗
(key, sig, contents, headDict, quiet)

Source from the content-addressed store, hash-verified

678 return newVal
679
680def testKey(key, sig, contents, headDict, quiet):
681 if headDict["alg"] == "HS256":
682 testSig = base64.urlsafe_b64encode(hmac.new(key,contents,hashlib.sha256).digest()).decode('UTF-8').strip("=")
683 elif headDict["alg"] == "HS384":
684 testSig = base64.urlsafe_b64encode(hmac.new(key,contents,hashlib.sha384).digest()).decode('UTF-8').strip("=")
685 elif headDict["alg"] == "HS512":
686 testSig = base64.urlsafe_b64encode(hmac.new(key,contents,hashlib.sha512).digest()).decode('UTF-8').strip("=")
687 else:
688 cprintc("Algorithm is not HMAC-SHA - cannot test with this tool.", "red")
689 exit(1)
690 if testSig == sig:
691 cracked = True
692 if len(key) > 25:
693 cprintc("[+] CORRECT key found:\n"+key.decode('UTF-8'), "green")
694 else:
695 cprintc("[+] "+key.decode('UTF-8')+" is the CORRECT key!", "green")
696 cprintc("You can tamper/fuzz the token contents (-T/-I) and sign it using:\npython3 jwt_tool.py [options here] -S "+str(headDict["alg"]).lower()+" -p \""+key.decode('UTF-8')+"\"", "cyan")
697 return cracked
698 else:
699 cracked = False
700 if quiet == False:
701 if len(key) > 25:
702 cprintc("[-] "+key[0:25].decode('UTF-8')+"...(output trimmed) is not the correct key", "red")
703 else:
704 cprintc("[-] "+key.decode('UTF-8')+" is not the correct key", "red")
705 return cracked
706
707def getRSAKeyPair():
708 #config['crypto']['pubkey'] = config['crypto']['pubkey']

Callers 3

checkSigFunction · 0.85
checkSigKidFunction · 0.85
crackSigFunction · 0.85

Calls 1

cprintcFunction · 0.85

Tested by

no test coverage detected