-T and -X k -pk do not seem to combine

ticarpi / jwt_tool

:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens

GNU General Public License v3.0

5.47k stars 671 forks source link

-T and -X k -pk do not seem to combine #47

Open donpellegrino opened 3 years ago

donpellegrino commented 3 years ago

In version 2.2.3, when -T is combined with -X k -pk, the output does not contain the tampered results. It seems these flags cannot be used together.

Workaround: Using -T alone works. The output from a -T run can then be used as the input for a -X k -pk run to get the desired results.

Mr-MooMoo commented 3 years ago

Can confirm this. Workaround .. works ;)

miguelpduarte commented 3 years ago

Can confirm both the issue and workaround for version 2.2.4.

This also occurs for the combination of -T and -X a on my end.

An easier way, instead of doing 2 calls to the script, is to use -I along with -pc/-pv or -hc/-hv if possible. This works in combination with the exploits and results in changing the signature as well as the encoded data, all in one go.