Open gl4nce opened 3 years ago
Yes, I had this in a test the other week. I hacked a solution on the day, but I'll clean it up and add it to the next update. Thanks for the suggestion.
Sounds good. Thanks a lot for your fast reply and the announced solution. 👍
@gl4nce I just added this functionality with 5f78b56d56da4000c73fe4867a5ca7a8e7e43e83, enjoy!!
Was this functionality removed? I'm only finding -pd option for POST DATA only, not get parameters. Either way, can we get some examples of how I should use the flag?
Was this functionality removed? I'm only finding -pd option for POST DATA only, not get parameters. Either way, can we get some examples of how I should use the flag?
Hey @octoberfestuser, I submitted a pull request to add this functionality, but unfortunately it hasn't been merged in yet. You can pull down my fork though, which includes the functionality! https://github.com/dillonfranke/jwt_tool
Usage would be like this for parsing a token from a GET parameter:
python3 jwt_tool.py -t https://TARGET -gd "token=ey...." -M pb
@dillonfranke Thanks a lot man!! such a fast reply as well I'm impressed xd
Any update on a merge to the main branch ? :)
I know this is really bad practise, but currently I'm pentesting an API which is sending the JWT as a simple get parameter. JWT_Tool does not support this case. Maybe it can/should be added for such cases?
Thanks for this great tool!