ticarpi / jwt_tool

:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
GNU General Public License v3.0
5.13k stars 653 forks

Supporting GET method #39

Open gl4nce opened 3 years ago

gl4nce commented 3 years ago

I know this is really bad practice, but currently I'm pentesting an API which is sending the JWT as a simple GET parameter. JWT_Tool does not support this case. Maybe it can/should be added for such cases?

Thanks for this great tool!
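
A defender's view of the practice described in the comment above, as an added example that is not part of the thread or of jwt_tool: a token sent as a GET parameter is written to web-server access logs with the rest of the URL, so this sketch scans log lines for JWT-shaped query values and redacts them. The log lines, the token and all function names are constructed for illustration.

```python
import base64
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def jwt_header(value):
    """Return the decoded JOSE header if value is JWT-shaped, else None."""
    parts = value.split(".")
    if len(parts) != 3:
        return None
    try:
        # Segments are unpadded base64url; restore padding before decoding.
        raw = base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4))
        header = json.loads(raw)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return header if isinstance(header, dict) and "alg" in header else None

def scan_line(line):
    """Return (findings, redacted_line) for one access-log line."""
    match = REQUEST_RE.search(line)
    findings = []
    if match:
        for name, value in parse_qsl(urlsplit(match.group(1)).query):
            header = jwt_header(value)
            if header:
                findings.append({"param": name, "alg": header["alg"]})
                line = line.replace(value, "[JWT-REDACTED]")
    return findings, line

def _enc(obj):  # helper used only to build the constructed sample token
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: documentation IP, made-up token, placeholder signature.
SAMPLE_TOKEN = ".".join([_enc({"alg": "HS256", "typ": "JWT"}), _enc({"sub": "demo"}), "c2ln"])
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /api/items?token=%s&page=2 HTTP/1.1" 200 512' % SAMPLE_TOKEN,
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /api/items?page=3&v=1.2.3 HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hits, safe = scan_line(entry)
        print(hits, safe)
```

The second sample line carries a dotted version string (`v=1.2.3`), which has three segments but is rejected because its first segment does not decode to a JOSE header.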

ticarpi commented 3 years ago

Yes, I had this in a test the other week. I hacked a solution on the day, but I'll clean it up and add it to the next update. Thanks for the suggestion.

gl4nce commented 3 years ago

Sounds good. Thanks a lot for your fast reply and the announced solution. 👍

dillonfranke commented 2 years ago

@gl4nce I just added this functionality with 5f78b56d56da4000c73fe4867a5ca7a8e7e43e83, enjoy!!

octoberfestuser commented 1 year ago

Was this functionality removed? I'm only finding -pd option for POST DATA only, not get parameters. Either way, can we get some examples of how I should use the flag?

dillonfranke commented 1 year ago

> Was this functionality removed? I'm only finding -pd option for POST DATA only, not get parameters. Either way, can we get some examples of how I should use the flag?

Hey @octoberfestuser, I submitted a pull request to add this functionality, but unfortunately it hasn't been merged in yet. You can pull down my fork though, which includes the functionality! https://github.com/dillonfranke/jwt_tool

Usage would be like this for parsing a token from a GET parameter:

```
python3 jwt_tool.py -t https://TARGET -gd "token=ey...." -M pb
```

octoberfestuser commented 1 year ago

@dillonfranke Thanks a lot man!! Such a fast reply as well, I'm impressed xd

hugo-syn commented 1 year ago

Any update on a merge to the main branch? :)