search

lmammino / jwt-cracker

Simple HS256, HS384 & HS512 JWT token brute force cracker.
https://lmammino.github.io/jwt-cracker/
MIT License
1.05k stars 165 forks source link

Unsupported Type: undefined #38

Open he4rtbleed opened 3 months ago

he4rtbleed commented 3 months ago

The value of typ in the header of the jwt token may not exist, please add exception handling for this case.

AmirhosseinBidokhti commented 3 months ago

I got the same error trying to test this tool to solve a lab on Portswigger. Used -f to skip token validation but still raised error regarding the HMAC.

✗ jwt-cracker -t eyJraWQiOiIwNTRmM2RjZC1kY2E5LTRmNTQtYTY0ZS0yMzQ2ZjU4YjM1NzYiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJwb3J0c3dpZ2dlciIsImV4cCI6MTcyMzgyNjA3OSwic3ViIjoid2llbmVyIn0.9_FGsLMyxrwnRSGAiLtkq4KeIxGWWn_a9KTUfvQ0_GQ -d jwt.secrets.list -f

Unsupported Typ: undefined node:internal/validators:162 throw new ERR_INVALID_ARG_TYPE(name, 'string', value); ^

TypeError [ERR_INVALID_ARG_TYPE]: The "hmac" argument must be of type string. Received undefined at new NodeError (node:internal/errors:406:5) ...

Node.js v20.8.0 SECRET NOT FOUND Time taken (sec): 0.081 Total attempts: 0