ticarpi / jwt_tool

:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
GNU General Public License v3.0

sqlmap style request option #101

Closed rbrown256 closed 5 months ago

rbrown256 commented 11 months ago

Added -r so request files can be passed, sqlmap style:

./jwt_tool.py -r test-request.txt

Where test-request.txt is an HTTP request (for example, one copied from Burp), e.g.:

GET /api/v33/user HTTP/2
Host: attacker-site.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Referer: https://attacker-site.co.uk/
X-Language-Code: en
X-Country-Code: de
X-Requested-With: XMLHttpRequest
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po
Origin: https://attacker-site.co.uk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Te: trailers

-i option added in case this has to be sent over plain HTTP instead of HTTPS.
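
A sketch of the request-file handling described in the comment above, as an added example that is not jwt_tool's own code: it parses a Burp-style raw request, chooses the scheme the way the -i option is described, and locates JWTs in the headers or body. The function names, the `plain_http` parameter and the `app.example.test` host are assumptions; the token is the one shown in the PR.

```python
import base64
import json
import re

# Three base64url segments; a JSON header/payload always encodes to a string starting "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]*\.eyJ[A-Za-z0-9_-]*\.[A-Za-z0-9_-]*")

# Constructed sample request (placeholder host); the token is the one from the PR text.
SAMPLE_REQUEST = (
    "GET /api/v33/user HTTP/2\r\n"
    "Host: app.example.test\r\n"
    "Accept: application/json, text/plain, */*\r\n"
    "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJsb2dpbiI6InRpY2FycGkifQ.bsSwqj2c2uI9n7-ajmi3ixVGhPUiY7jO9SUn9dm15Po\r\n"
    "\r\n"
)

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def parse_request(raw, plain_http=False):
    """Split a raw request into method, URL, headers and any JWTs it carries."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}  # lower-cased names; a repeated header keeps its last value
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # The request line carries no scheme, so the caller must choose one (hypothetical flag).
    scheme = "http" if plain_http else "https"
    url = target if "://" in target else f"{scheme}://{headers.get('host', '')}{target}"
    tokens = []
    for where, text in list(headers.items()) + [("body", body)]:
        for match in JWT_RE.finditer(text):
            header_b64, claims_b64 = match.group().split(".")[:2]
            try:
                hdr = b64url_json(header_b64)
                claims = b64url_json(claims_b64)
            except ValueError:  # bad base64, bad UTF-8 or bad JSON: not a real JWT
                continue
            tokens.append({"location": where, "token": match.group(), "header": hdr, "claims": claims})
    return {"method": method, "url": url, "headers": headers, "tokens": tokens}

if __name__ == "__main__":
    print(json.dumps(parse_request(SAMPLE_REQUEST)["tokens"], indent=2))
```
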

rbrown256 commented 7 months ago

Hi @ticarpi

How are you? I just wondered if you had a chance to look at this?

ticarpi commented 5 months ago

Thanks for the contribution @rbrown256 - sorry for the delay in merging. Included in the latest release.