From 6708be79a783de6ae519a4697a76a48a50d166dd Mon Sep 17 00:00:00 2001 From: Jan-Jaap Korpershoek Date: Thu, 19 Oct 2023 12:09:29 +0200 Subject: [PATCH] Fix jwt_regex to also work for JWTs starting with eyA --- jwt_tool.py | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/jwt_tool.py b/jwt_tool.py index 9647dbe..2f4155c 100644 --- a/jwt_tool.py +++ b/jwt_tool.py @@ -51,6 +51,8 @@ # import colorama # colorama.init() +jwt_regex=r'ey[A-Za-z0-9_\/+-]*\.ey[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*' + def cprintc(textval, colval): if not args.bare: cprint(textval, colval) @@ -184,7 +186,7 @@ def parse_dict_cookies(value): def strip_dict_cookies(value): cookiestring = "" for item in value.split(';'): - if re.search('eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*', item): + if re.search(jwt_regex, item): continue else: cookiestring += "; "+item @@ -197,7 +199,7 @@ def jwtOut(token, fromMod, desc=""): logID = "jwttool_"+hashlib.md5(idFrag.encode()).hexdigest() if config['argvals']['targetUrl'] != "": curTargetUrl = config['argvals']['targetUrl'] - p = re.compile('eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*') + p = re.compile(jwt_regex) if config['argvals']['headerloc'] == "cookies": cookietoken = p.subn(token, config['argvals']['cookies'], 0) @@ -1350,7 +1352,7 @@ def searchLog(logID): qOutput = re.sub(' - eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*', '', qResult) qOutput = re.sub(logID+' - ', '', qOutput) try: - jwt = re.findall('eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*', qResult)[-1] + jwt = re.findall(jwt_regex, qResult)[-1] except: cprintc("JWT not included in log", "red") exit(1) @@ -1911,15 +1913,15 @@ def printLogo(): jwt_count = 0 jwt_locations = [] - if args.cookies and re.search('eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*', args.cookies): + if args.cookies and re.search(jwt_regex, args.cookies): jwt_count += 1 jwt_locations.append("cookie") - if args.headers and re.search('eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*', str(args.headers)): + if args.headers and re.search(jwt_regex, str(args.headers)): jwt_count += 1 jwt_locations.append("headers") - if args.postdata and re.search('eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*', str(args.postdata)): + if args.postdata and re.search(jwt_regex, str(args.postdata)): jwt_count += 1 jwt_locations.append("post data") @@ -1929,7 +1931,7 @@ def printLogo(): if args.cookies: try: - if re.search('eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*', args.cookies): + if re.search(jwt_regex, args.cookies): config['argvals']['headerloc'] = "cookies" except: cprintc("Invalid cookie formatting", "red") @@ -1937,7 +1939,7 @@ def printLogo(): if args.headers: try: - if re.search('eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*', str(args.headers)): + if re.search(jwt_regex, str(args.headers)): config['argvals']['headerloc'] = "headers" except: cprintc("Invalid header formatting", "red") @@ -1945,7 +1947,7 @@ def printLogo(): if args.postdata: try: - if re.search('eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*', str(args.postdata)): + if re.search(jwt_regex, str(args.postdata)): config['argvals']['headerloc'] = "postdata" except: cprintc("Invalid postdata formatting", "red") @@ -1958,7 +1960,7 @@ def printLogo(): ]) try: - findJWT = re.search('eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*', searchString)[0] + findJWT = re.search(jwt_regex, searchString)[0] except: cprintc("Cannot find a valid JWT", "red") cprintc(searchString, "cyan")