jwtear 0.1.2 → 0.1.3
- checksums.yaml +4 -4
- data/README.md +8 -9
- data/bin/jwtear +1 -1
- data/lib/jwtear/jwt.rb +22 -13
- data/lib/jwtear/utils.rb +1 -1
- data/lib/jwtear/version.rb +1 -1
- metadata +2 -2
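--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3f24bff021d010c20bb782b7eff2f8d16f701918
+data.tar.gz: 172ebf1bd6f14fcfe7612c68fd7943bdee6d4179
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 78bdee9155c4b0d508f21d664db28abc623207f960cf96560b4265ad0d676277fc12cc854207222eff8769c04bdc6fa9a163714b4a1e52a99386ff91eb1c994b
+data.tar.gz: c74e12d75a5172ea39d716be0b237773e4c09c12d35955ac660c30372bfd466b8156c679e882b1db1c9a9f067237c0f44264062a1c5da48dab8cddf96bd1abc7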
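--- a/data/README.md
+++ b/data/README.md
@@ -12,9 +12,8 @@ install it yourself as:
 ## Usage
 
 ```
-$> jwtear -h
 
-
+888888 888 888 88888888888
 "88b 888 o 888 888
 888 888 d8b 888 888
 888 888 d888b 888 888 .d88b. 8888b. 888d888
@@ -22,22 +21,22 @@ $> jwtear -h
 888 88888P Y88888 888 88888888 .d888888 888
 88P 8888P Y8888 888 Y8b. 888 888 888
 888 888P Y888 888 "Y8888 "Y888888 888
-.d88P v0.1.
+.d88P v0.1.2
 .d88P"
 888P"
 JWTear - Parse, create and manipulate JWT tokens.
 
 Help menu:
 -p, --parse JWT_TOKEN Parse JWT token
-
-
-
+-t, --generate-token Generate JWT token.
+-s, --generate-sig Generate JWT signature.
+-H, --header HEADER JWT header (JSON format). (required for generate-token and generate-sig)
 eg. {"typ":"JWT","alg":"HS256"} | Supported algorithms: [HS256, RS512, etc]
-
+-P, --payload PAYLOAD JWT payload (JSON format). (required for generate-token and generate-sig)
 eg. {"login":"admin"}
-
+-g, --alg ALGORITHM Force algorithm type when generating a new token (ignore the one in header). (optional with generate-token)
 Supported algorithms: [HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512]
-
+-k, --key SECRET Secret Key for symmetric encryption. (required for generate-token and generate-sig. Accept password as a string or a file)
 eg. P@ssw0rd | eg. public_key.pem
 -h, --help Show this help message
 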
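--- a/data/bin/jwtear
+++ b/data/bin/jwtear
@@ -69,7 +69,7 @@ begin
 puts "[+] ".dark_green + "Payload (claim segment):".bold.underline
 jwt.payload.each {|key, value| puts " #{'-'.bold} #{key}: #{value}"}
 puts "[+] ".dark_green + "Signature (envelope segment) - encoded:".bold.underline
-puts
+puts encode(jwt.signature) || '---[ no signature ]---'
 
 # checking missing for generate_token
 when options[:generate_token] && (options[:header] || options[:payload] || options[:key]).nil?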
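Review bot: The `|| '---[ no signature ]---'` fallback on the new `puts encode(jwt.signature) || ...` line is probably unreachable. jwt.rb leaves `@signature` nil when the third token segment is missing or empty, so `encode` is called with nil and will either raise or return a String, which is always truthy in Ruby. `encode` is defined outside this diff, so that is inferred, but testing the signature before encoding sidesteps the question: `puts jwt.signature ? encode(jwt.signature) : '---[ no signature ]---'`. An unsigned token is a case the parser output should report clearly rather than fail on. The enclosing `begin`/`case` starts and ends outside the hunk.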
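--- a/data/lib/jwtear/jwt.rb
+++ b/data/lib/jwtear/jwt.rb
@@ -36,7 +36,7 @@ module JWTear
 is_token?(token)
 _token = token.split('.')
 @header = JSON.parse(decode(_token[0]))
-@type, @alg = @header['
+@type, @alg = @header['typ'], @header['alg']
 @payload = JSON.parse(decode(_token[1]))
 @signature = decode(_token[2]) unless (_token[2].nil? or _token[2].empty?)
 set_hash_and_json
@@ -100,20 +100,29 @@ module JWTear
 # @return [String] the generated token
 #
 def generate_token
+begin
+@header = JSON.parse(@header) unless @header.is_a?(Hash)
+@payload = JSON.parse(@payload) unless @payload.is_a?(Hash)
+@alg = @header['alg'] if @alg.nil? # if algorithm not forced, take if from the header
 
-
-
-
-
-
-payload_encoded = encode(@payload.to_json)
-data = "#{header_encoded}.#{payload_encoded}"
-signature_encoded = encode(generate_sig(data, @alg, @key).signature)
-token = [header_encoded, payload_encoded, signature_encoded].join('.')
-
-set_hash_and_json
+header_encoded = encode(@header.to_json)
+payload_encoded = encode(@payload.to_json)
+data = "#{header_encoded}.#{payload_encoded}"
+signature_encoded = encode(generate_sig(data, @alg, @key).signature)
+token = [header_encoded, payload_encoded, signature_encoded].join('.')
 
-
+set_hash_and_json
+token
+rescue JSON::ParserError => e
+puts '[x] '.red + "Invalid JSON: #{e.message}"
+puts "[!] ".yellow + "Make sure you've single quoted your input: eg. --header #{"'".bold}{\"type\":\"JWT\",\"alg\":\"HS256\"}#{"'".bold}"
+exit!
+rescue Exception => e
+puts "[x] ".red + "Unknown Exception: generate_sig"
+puts '[!] '.yellow + 'Please report the issue at: https://github.com/KINGSABRI/jwtear/issues'.underline
+puts e
+puts e.backtrace
+end
 end
 
 end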
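Review bot: `rescue Exception => e` at the end of generate_token also traps SystemExit, Interrupt and NoMemoryError, and because the handler only prints, the method then returns nil where its doc comment promises a String. `rescue StandardError => e` with a bare `raise` after the `puts` lines keeps the diagnostics without swallowing the failure. The JSON::ParserError branch calls `exit!`, which ends the host process without running at_exit handlers or ensure blocks; since the gem is described as a library as well as a command-line tool, raising here and letting bin/jwtear print and exit would be safer. Two wording slips sit in the same handlers: the message names `generate_sig` although this is generate_token, and the hint shows `\"type\"` where the parser reads `'typ'`. The inner `begin` is also unnecessary, since a `def` body can carry `rescue` clauses directly.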
data/lib/jwtear/utils.rb
CHANGED
data/lib/jwtear/version.rb
CHANGED
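--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwtear
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.3
 platform: ruby
 authors:
 - KING SABRI
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-01-
+date: 2018-01-27 00:00:00.000000000 Z
 dependencies: []
 description: JWTear, command-line tool and library to parse, create and manipulate
 JWT tokens for security testing purposes.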