jwt_tool
:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
Would be a nice feature, if JWTs in multiple locations can appear with an option to select one for testing. I'm currently testing a website which is sending two JWTs...
``` -I, --injectclaims inject new claims and update existing claims with new values (set signing options with -S or use exploits with -X) (set target claim with -hc/-pc and injection...
When combining tamper + an attack, the output token is the original token + the attack, the tampering is ignored. For example: ``` $ jwt-tool eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJsb2dpbiI6Im5vcmFqIiwiaWF0IjoiMTY2NTI1NDU4MyJ9.OTgxOGE0YWE5Y2UyYTQ5N2FlMzZlZmMwZTIxOGIwOTFhZDdjOTRlYWE4MDFkMWJlOTgwN2E1NTkxMzAzMGMwYw -T -X a ......
The tool does not handle extremely large timestamps (e.g.: 1001662538673) properly and crashes. The dissectPayl function should be patched like this: ``` def dissectPayl(paylDict, count=False): timeseen = 0 comparestamps =...
Help me pls ``` timestamp = datetime.fromtimestamp(int(paylDict[claim])) ValueError: invalid literal for int() with base 10: '2022-09-10 08:58:57 +0400' ```
Hi, This PR proposes an implementation to test exposure to [CVE-2022-21449](https://nvd.nist.gov/vuln/detail/CVE-2022-21449). It refers to issue #65. I tried following the current coding rules as much as possible and tried...
Hi, I encountered the following problem while trying to pass a JWT in a cookie (`-rc`) that was URL-encoded: ``` Traceback (most recent call last): File "C:\Tools\jwt_tool-master\jwt_tool.py", line 2002,...
Is there a way to delay requests... I mean a request every 3000 ms using jwt_tool?
I know this is really bad practice, but currently I'm pentesting an API which is sending the JWT as a simple GET parameter. JWT_Tool does not support this case. Maybe...