scythe-ttp 0.17.4__py3-none-any.whl → 0.17.5__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of scythe-ttp might be problematic. Click here for more details.

Files changed (7) hide show
  1. scythe/auth/cookie_jwt.py +31 -9
  2. {scythe_ttp-0.17.4.dist-info → scythe_ttp-0.17.5.dist-info}/METADATA +1 -1
  3. {scythe_ttp-0.17.4.dist-info → scythe_ttp-0.17.5.dist-info}/RECORD +7 -7
  4. {scythe_ttp-0.17.4.dist-info → scythe_ttp-0.17.5.dist-info}/WHEEL +0 -0
  5. {scythe_ttp-0.17.4.dist-info → scythe_ttp-0.17.5.dist-info}/entry_points.txt +0 -0
  6. {scythe_ttp-0.17.4.dist-info → scythe_ttp-0.17.5.dist-info}/licenses/LICENSE +0 -0
  7. {scythe_ttp-0.17.4.dist-info → scythe_ttp-0.17.5.dist-info}/top_level.txt +0 -0
scythe/auth/cookie_jwt.py CHANGED
@@ -49,14 +49,17 @@ class CookieJWTAuth(Authentication):
49
49
 
50
50
  Behavior:
51
51
  - In API mode: JourneyExecutor will call get_auth_cookies(); this class will
52
- perform a POST to login_url (if token not cached), parse JSON, extract the
53
- token via jwt_json_path, and return {cookie_name: token}.
52
+ perform a POST to login_url (if token not cached), extract the token, and
53
+ return {cookie_name: token}.
54
54
  - In UI mode: authenticate() will ensure the browser has the cookie set for
55
55
  the target domain.
56
56
 
57
57
  Parameters:
58
58
  - content_type: Either "json" (default) to send payload as JSON, or "form"
59
59
  to send as application/x-www-form-urlencoded form data.
60
+ - jwt_source: Either "json" (default) to extract JWT from the JSON response body
61
+ using jwt_json_path, or "cookie" to extract it from the Set-Cookie response header
62
+ using cookie_name.
60
63
  """
61
64
 
62
65
  def __init__(self,
@@ -69,6 +72,7 @@ class CookieJWTAuth(Authentication):
69
72
  jwt_json_path: str = "token",
70
73
  cookie_name: str = "stellarbridge",
71
74
  content_type: str = "json",
75
+ jwt_source: str = "json",
72
76
  session: Optional[requests.Session] = None,
73
77
  description: str = "Authenticate via API and set JWT cookie"):
74
78
  super().__init__(
@@ -84,6 +88,7 @@ class CookieJWTAuth(Authentication):
84
88
  self.jwt_json_path = jwt_json_path
85
89
  self.cookie_name = cookie_name
86
90
  self.content_type = content_type
91
+ self.jwt_source = jwt_source
87
92
  # Avoid importing requests in test environments; allow injected session
88
93
  self._session = session or (requests.Session() if requests is not None else None)
89
94
  self.token: Optional[str] = None
@@ -99,15 +104,32 @@ class CookieJWTAuth(Authentication):
99
104
  resp = self._session.post(self.login_url, json=payload, timeout=15)
100
105
  # try json; raise on non-2xx to surface errors
101
106
  resp.raise_for_status()
102
- data = resp.json()
103
107
  except Exception as e:
104
108
  raise AuthenticationError(f"Login request failed: {e}", self.name)
105
- token = _extract_by_dot_path(data, self.jwt_json_path)
106
- if not token or not isinstance(token, str):
107
- raise AuthenticationError(
108
- f"JWT not found at path '{self.jwt_json_path}' in login response",
109
- self.name,
110
- )
109
+
110
+ # Extract token from either response cookies or JSON body
111
+ token = None
112
+ if self.jwt_source == "cookie":
113
+ # Extract from response cookies
114
+ token = resp.cookies.get(self.cookie_name)
115
+ if not token or not isinstance(token, str):
116
+ raise AuthenticationError(
117
+ f"JWT cookie '{self.cookie_name}' not found in login response",
118
+ self.name,
119
+ )
120
+ else:
121
+ # Extract from JSON response body
122
+ try:
123
+ data = resp.json()
124
+ except Exception as e:
125
+ raise AuthenticationError(f"Failed to parse JSON response: {e}", self.name)
126
+ token = _extract_by_dot_path(data, self.jwt_json_path)
127
+ if not token or not isinstance(token, str):
128
+ raise AuthenticationError(
129
+ f"JWT not found at path '{self.jwt_json_path}' in login response",
130
+ self.name,
131
+ )
132
+
111
133
  self.token = token
112
134
  self.store_auth_data('jwt', token)
113
135
  self.store_auth_data('login_time', time.time())
{scythe_ttp-0.17.4.dist-info → scythe_ttp-0.17.5.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: scythe-ttp
3
- Version: 0.17.4
3
+ Version: 0.17.5
4
4
  Summary: An extensible framework for emulating attacker TTPs with Selenium.
5
5
  Author-email: EpykLab <cyber@epyklab.com>
6
6
  Classifier: Programming Language :: Python :: 3
{scythe_ttp-0.17.4.dist-info → scythe_ttp-0.17.5.dist-info}/RECORD RENAMED
@@ -3,7 +3,7 @@ scythe/auth/__init__.py,sha256=InEANqWEIAULFyzH9IyxWDPs_gJd3m_JYmzoaBk_37M,420
3
3
  scythe/auth/base.py,sha256=DllKaPGj0MRyRh4PQgQ2TUFgeAXjgXOT2h6zUz2ZAag,3807
4
4
  scythe/auth/basic.py,sha256=H4IG9-Y7wFe7ZQCNHmmqhre-Pp9CnBxlT23h2uvOPWo,14354
5
5
  scythe/auth/bearer.py,sha256=ngOL-sS6FcfB8XAKMR-CZbpqyySu2MaKxUl10SyBmmI,12687
6
- scythe/auth/cookie_jwt.py,sha256=YJP40A74hYrKSFXDcMSfmWlouOc_tPI4321UAswvRa4,6652
6
+ scythe/auth/cookie_jwt.py,sha256=A5ysCd6mVPNRj3aGNhk68GyM8A2hNW4BqCLZOQ8sa5U,7610
7
7
  scythe/behaviors/__init__.py,sha256=w-WRBGRgna5a1N8oHP2aXSQnkQUHyOXiujpwEVf_ZyM,291
8
8
  scythe/behaviors/base.py,sha256=INvIYKVIWzEi5w_4njOwKZ3X9IvySvqiMJnYX7_2Lns,3955
9
9
  scythe/behaviors/default.py,sha256=MDx4N-KwC23pPLGu1-ZIkGiTRNUG3Lxjbvo7SJ3UwMc,2117
@@ -32,9 +32,9 @@ scythe/ttps/web/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
32
32
  scythe/ttps/web/login_bruteforce.py,sha256=ybmN2Vl9-p58YbOchirY1193GvlaTmUTW1qlluN_l3I,7816
33
33
  scythe/ttps/web/sql_injection.py,sha256=rIRHaRUilSrMA5q5MO1RqR6-TM_fRIiCanPaFz5wKKs,11712
34
34
  scythe/ttps/web/uuid_guessing.py,sha256=JwNt_9HVynMWFPPU6UGJFcpxvMVDsvc_wAnJVtcYbps,1235
35
- scythe_ttp-0.17.4.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
36
- scythe_ttp-0.17.4.dist-info/METADATA,sha256=GxFEimDo4r_WDY2KHy26MvpRJZJmM07DKV9q2wfioCw,30188
37
- scythe_ttp-0.17.4.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
38
- scythe_ttp-0.17.4.dist-info/entry_points.txt,sha256=rAAsFBcCm0OX3I4uRyclfx4YJGoTuumZKY43HN7R5Ro,48
39
- scythe_ttp-0.17.4.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
40
- scythe_ttp-0.17.4.dist-info/RECORD,,
35
+ scythe_ttp-0.17.5.dist-info/licenses/LICENSE,sha256=B7iB4Fv6zDQolC7IgqNF8F4GEp_DLe2jrPPuR_MYMOM,1064
36
+ scythe_ttp-0.17.5.dist-info/METADATA,sha256=ipDl_VEN5UOjhta5W1YdPcMlGE0p5-QXhs4_CjZ-DhI,30188
37
+ scythe_ttp-0.17.5.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
38
+ scythe_ttp-0.17.5.dist-info/entry_points.txt,sha256=rAAsFBcCm0OX3I4uRyclfx4YJGoTuumZKY43HN7R5Ro,48
39
+ scythe_ttp-0.17.5.dist-info/top_level.txt,sha256=BCKTrPuVvmLyhOR07C1ggOh6sU7g2LoVvwDMn46O55Y,7
40
+ scythe_ttp-0.17.5.dist-info/RECORD,,