jwtear 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +8 -9
- data/bin/jwtear +1 -1
- data/lib/jwtear/jwt.rb +22 -13
- data/lib/jwtear/utils.rb +1 -1
- data/lib/jwtear/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3f24bff021d010c20bb782b7eff2f8d16f701918
|
|
4
|
+
data.tar.gz: 172ebf1bd6f14fcfe7612c68fd7943bdee6d4179
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 78bdee9155c4b0d508f21d664db28abc623207f960cf96560b4265ad0d676277fc12cc854207222eff8769c04bdc6fa9a163714b4a1e52a99386ff91eb1c994b
|
|
7
|
+
data.tar.gz: c74e12d75a5172ea39d716be0b237773e4c09c12d35955ac660c30372bfd466b8156c679e882b1db1c9a9f067237c0f44264062a1c5da48dab8cddf96bd1abc7
|
data/README.md
CHANGED
|
@@ -12,9 +12,8 @@ install it yourself as:
|
|
|
12
12
|
## Usage
|
|
13
13
|
|
|
14
14
|
```
|
|
15
|
-
$> jwtear -h
|
|
16
15
|
|
|
17
|
-
|
|
16
|
+
888888 888 888 88888888888
|
|
18
17
|
"88b 888 o 888 888
|
|
19
18
|
888 888 d8b 888 888
|
|
20
19
|
888 888 d888b 888 888 .d88b. 8888b. 888d888
|
|
@@ -22,22 +21,22 @@ $> jwtear -h
|
|
|
22
21
|
888 88888P Y88888 888 88888888 .d888888 888
|
|
23
22
|
88P 8888P Y8888 888 Y8b. 888 888 888
|
|
24
23
|
888 888P Y888 888 "Y8888 "Y888888 888
|
|
25
|
-
.d88P v0.1.
|
|
24
|
+
.d88P v0.1.2
|
|
26
25
|
.d88P"
|
|
27
26
|
888P"
|
|
28
27
|
JWTear - Parse, create and manipulate JWT tokens.
|
|
29
28
|
|
|
30
29
|
Help menu:
|
|
31
30
|
-p, --parse JWT_TOKEN Parse JWT token
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
31
|
+
-t, --generate-token Generate JWT token.
|
|
32
|
+
-s, --generate-sig Generate JWT signature.
|
|
33
|
+
-H, --header HEADER JWT header (JSON format). (required for generate-token and generate-sig)
|
|
35
34
|
eg. {"typ":"JWT","alg":"HS256"} | Supported algorithms: [HS256, RS512, etc]
|
|
36
|
-
|
|
35
|
+
-P, --payload PAYLOAD JWT payload (JSON format). (required for generate-token and generate-sig)
|
|
37
36
|
eg. {"login":"admin"}
|
|
38
|
-
|
|
37
|
+
-g, --alg ALGORITHM Force algorithm type when generating a new token (ignore the one in header). (optional with generate-token)
|
|
39
38
|
Supported algorithms: [HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512]
|
|
40
|
-
|
|
39
|
+
-k, --key SECRET Secret Key for symmetric encryption. (required for generate-token and generate-sig. Accept password as a string or a file)
|
|
41
40
|
eg. P@ssw0rd | eg. public_key.pem
|
|
42
41
|
-h, --help Show this help message
|
|
43
42
|
|
data/bin/jwtear
CHANGED
|
@@ -69,7 +69,7 @@ begin
|
|
|
69
69
|
puts "[+] ".dark_green + "Payload (claim segment):".bold.underline
|
|
70
70
|
jwt.payload.each {|key, value| puts " #{'-'.bold} #{key}: #{value}"}
|
|
71
71
|
puts "[+] ".dark_green + "Signature (envelope segment) - encoded:".bold.underline
|
|
72
|
-
puts
|
|
72
|
+
puts encode(jwt.signature) || '---[ no signature ]---'
|
|
73
73
|
|
|
74
74
|
# checking missing for generate_token
|
|
75
75
|
when options[:generate_token] && (options[:header] || options[:payload] || options[:key]).nil?
|
data/lib/jwtear/jwt.rb
CHANGED
|
@@ -36,7 +36,7 @@ module JWTear
|
|
|
36
36
|
is_token?(token)
|
|
37
37
|
_token = token.split('.')
|
|
38
38
|
@header = JSON.parse(decode(_token[0]))
|
|
39
|
-
@type, @alg = @header['
|
|
39
|
+
@type, @alg = @header['typ'], @header['alg']
|
|
40
40
|
@payload = JSON.parse(decode(_token[1]))
|
|
41
41
|
@signature = decode(_token[2]) unless (_token[2].nil? or _token[2].empty?)
|
|
42
42
|
set_hash_and_json
|
|
@@ -100,20 +100,29 @@ module JWTear
|
|
|
100
100
|
# @return [String] the generated token
|
|
101
101
|
#
|
|
102
102
|
def generate_token
|
|
103
|
+
begin
|
|
104
|
+
@header = JSON.parse(@header) unless @header.is_a?(Hash)
|
|
105
|
+
@payload = JSON.parse(@payload) unless @payload.is_a?(Hash)
|
|
106
|
+
@alg = @header['alg'] if @alg.nil? # if algorithm not forced, take if from the header
|
|
103
107
|
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
payload_encoded = encode(@payload.to_json)
|
|
110
|
-
data = "#{header_encoded}.#{payload_encoded}"
|
|
111
|
-
signature_encoded = encode(generate_sig(data, @alg, @key).signature)
|
|
112
|
-
token = [header_encoded, payload_encoded, signature_encoded].join('.')
|
|
113
|
-
|
|
114
|
-
set_hash_and_json
|
|
108
|
+
header_encoded = encode(@header.to_json)
|
|
109
|
+
payload_encoded = encode(@payload.to_json)
|
|
110
|
+
data = "#{header_encoded}.#{payload_encoded}"
|
|
111
|
+
signature_encoded = encode(generate_sig(data, @alg, @key).signature)
|
|
112
|
+
token = [header_encoded, payload_encoded, signature_encoded].join('.')
|
|
115
113
|
|
|
116
|
-
|
|
114
|
+
set_hash_and_json
|
|
115
|
+
token
|
|
116
|
+
rescue JSON::ParserError => e
|
|
117
|
+
puts '[x] '.red + "Invalid JSON: #{e.message}"
|
|
118
|
+
puts "[!] ".yellow + "Make sure you've single quoted your input: eg. --header #{"'".bold}{\"type\":\"JWT\",\"alg\":\"HS256\"}#{"'".bold}"
|
|
119
|
+
exit!
|
|
120
|
+
rescue Exception => e
|
|
121
|
+
puts "[x] ".red + "Unknown Exception: generate_sig"
|
|
122
|
+
puts '[!] '.yellow + 'Please report the issue at: https://github.com/KINGSABRI/jwtear/issues'.underline
|
|
123
|
+
puts e
|
|
124
|
+
puts e.backtrace
|
|
125
|
+
end
|
|
117
126
|
end
|
|
118
127
|
|
|
119
128
|
end
|
data/lib/jwtear/utils.rb
CHANGED
data/lib/jwtear/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jwtear
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- KING SABRI
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-01-
|
|
11
|
+
date: 2018-01-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: JWTear, command-line tool and library to parse, create and manipulate
|
|
14
14
|
JWT tokens for security testing purposes.
|