
Add generate_jwt & json_{minify,prettify} helper functions #3160

Merged
merged 11 commits into from
Jan 15, 2023

Conversation

dwisiswant0
Contributor

@dwisiswant0 dwisiswant0 commented Jan 6, 2023

Proposed changes

This change defines several functions that manipulate JSON strings in different ways:

  • The generate_jwt function generates a JSON Web Token (JWT) using the claims provided in a JSON string, the signature, and the specified algorithm.
  • The json_minify function minifies a JSON string by removing unnecessary whitespace.
  • The json_prettify function prettifies a JSON string by adding indentation.

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate) (Add JSON helper function documentations nuclei-docs#110)

@dwisiswant0 dwisiswant0 marked this pull request as draft January 6, 2023 14:47
@dwisiswant0 dwisiswant0 marked this pull request as ready for review January 6, 2023 14:57
@ehsandeep ehsandeep changed the base branch from main to dev January 6, 2023 15:06
v2/pkg/operators/common/dsl/dsl.go (outdated review comment, resolved)
@dwisiswant0 dwisiswant0 marked this pull request as draft January 7, 2023 01:18
@dwisiswant0 dwisiswant0 marked this pull request as ready for review January 7, 2023 07:18
@dwisiswant0
Contributor Author

dwisiswant0 commented Jan 7, 2023

Because the input from generate_jwt uses an interface{} type, using the quote_escape function is not really necessary, so I decided to delete it.

Here is an updated test case:

  • Template:
# template.yaml
id: generate-jwt-helper-functions

info:
  name: RAW Template with generate_jwt Helper Functions
  author: dwisiswant0
  severity: info

variables:
  json: |
    {
      "name": "John Doe",
      "foo": "bar"
    }
  json_compact: |
    {"name": "John Doe","foo": "bar"}
  maxAge: '{{to_unix_time("2034-12-30T16:30:10+00:00")}}'

requests:
  - raw:
      - |+ # Generate JWT & minify the JSON data
        POST /generate_jwt HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "HS256", "hello-world")}}
        X-Notes: This-JWT-should-be-the-same-as-the-JSON-compact-data-in-the-request-below

        {{json_minify(json)}}

      - |+ # Generate JWT with compact data & prettify
        POST /generate_jwt-prettify HTTP/1.1
        Authorization: Bearer {{generate_jwt(json_compact, "HS256", "hello-world")}}
        X-Notes: This-JWT-should-be-the-same-as-the-normal-JSON-data-in-the-request-above

        {{json_prettify(json_compact)}}

      - |+ # With none algorithm
        GET /generate_jwt-none HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "nOnE")}}

      - |+ # With empty signature
        GET /generate_jwt-empty-signature HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "HS256", "")}}

      - |+ # With max age defined
        GET /generate_jwt-max-age HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "HS256", "hello-world", maxAge)}}
  • Usage:
$ go run cmd/nuclei/main.go -duc -t template.yaml -debug-req -u http://localhost 

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.6

		projectdiscovery.io

[INF] Using Nuclei Engine 2.8.6 (outdated)
[INF] Using Nuclei Templates  (outdated)
[INF] Templates added in last update: 0
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[INF] [generate-jwt-helper-functions] Dumped HTTP request for http://localhost/generate_jwt

POST /generate_jwt HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.EsrL8lIcYJR_Ns-JuhF3VCllCP7xwbpMCCfHin_WT6U
X-Notes: This-JWT-should-be-the-same-as-the-JSON-compact-data-in-the-request-below

{"foo":"bar","name":"John Doe"}

[INF] [generate-jwt-helper-functions] Dumped HTTP request for http://localhost/generate_jwt-prettify

POST /generate_jwt-prettify HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.EsrL8lIcYJR_Ns-JuhF3VCllCP7xwbpMCCfHin_WT6U
X-Notes: This-JWT-should-be-the-same-as-the-normal-JSON-data-in-the-request-above

{
    "name": "John Doe",
    "foo": "bar"
}


[INF] [generate-jwt-helper-functions] Dumped HTTP request for http://localhost/generate_jwt-none

GET /generate_jwt-none HTTP/1.1
Authorization: Bearer eyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.

[INF] [generate-jwt-helper-functions] Dumped HTTP request for http://localhost/generate_jwt-empty-signature

GET /generate_jwt-empty-signature HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.mba3WxAJP0ExW7yzDTAG3jslEQj5HfhBos6bD0R6ABQ

[INF] [generate-jwt-helper-functions] Dumped HTTP request for http://localhost/generate_jwt-max-age

GET /generate_jwt-max-age HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE2NzMwODY4OTgsImV4cCI6MjA1MTEwOTAxMH0.d_HzXqMXnKN1KXVQszwQIStAFv3nIPba1qUs-9KS3iA

[INF] No results found. Better luck next time!

@dwisiswant0 dwisiswant0 changed the title Add generate_jwt, json_{minify,prettify} & quote_escape helper functions Add generate_jwt & json_{minify,prettify} helper functions Jan 7, 2023
Member

@tarunKoyalwar tarunKoyalwar left a comment

lgtm!

@tarunKoyalwar
Member

tarunKoyalwar commented Jan 13, 2023

Things to Note

  • Dependency https://github.com/kataras/jwt
  • If the given optional algorithm is empty or none, None (any other case), the algorithm value in the jwt string is set to NONE

@tarunKoyalwar
Member

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.6

		projectdiscovery.io

[INF] Using Nuclei Engine 2.8.6 (latest)
[INF] Using Nuclei Templates 9.3.4 (latest)
[INF] Templates added in last update: 15
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[INF] [generate-jwt-helper-functions] Dumped HTTP request for https://scanme.sh/generate_jwt

POST /generate_jwt HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Connection: close
Content-Length: 33
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.EsrL8lIcYJR_Ns-JuhF3VCllCP7xwbpMCCfHin_WT6U
X-Notes: This-JWT-should-be-the-same-as-the-JSON-compact-data-in-the-request-below
Accept-Encoding: gzip

{"foo":"bar","name":"John Doe"}


POST /generate_jwt-prettify HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Connection: close
Content-Length: 47
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.EsrL8lIcYJR_Ns-JuhF3VCllCP7xwbpMCCfHin_WT6U
X-Notes: This-JWT-should-be-the-same-as-the-normal-JSON-data-in-the-request-above
Accept-Encoding: gzip

{
    "name": "John Doe",
    "foo": "bar"
}



GET /generate_jwt-none HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Authorization: Bearer eyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.
Accept-Encoding: gzip



GET /generate_jwt-empty-signature HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
Connection: close
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.mba3WxAJP0ExW7yzDTAG3jslEQj5HfhBos6bD0R6ABQ
Accept-Encoding: gzip



GET /generate_jwt-max-age HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
Connection: close
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE2NzM2MTAyNTUsImV4cCI6MjA1MTEwOTAxMH0.9Tc-zNnc0IpVfnnLrUDLUB2WDZODj5lz1mVqkwswdeI
Accept-Encoding: gzip

@dwisiswant0
Contributor Author

...

  • If the given algorithm is none, None, etc., the algorithm value in the jwt string is always NONE

I regret to inform you that the notes provided require correction. If the supplied optionalAlgorithm argument is an empty string ("") or None/nOnE (any mixed case), then it's set as NONE; otherwise, if it is not listed in the cases at R844-R869 (after converting its value to uppercase), it will return an error.

@tarunKoyalwar
Member

@dwisiswant0, if I am not wrong, if I want the alg type to be noNe in the jwt string, it is not possible here because we use the jwt.NONE interface/struct.
Ex: if we take the jwt string from example 3, the jwt string is
Screenshot 2023-01-13 at 5 33 14 PM

@tarunKoyalwar
Member

@dwisiswant0, I explicitly wanted to mention the above case, but I have also updated my earlier comment.

@tarunKoyalwar tarunKoyalwar removed the request for review from ehsandeep January 13, 2023 12:11
@tarunKoyalwar
Member

Minor Improvements

  • none jwt alg value is not converted to uppercase anymore
# template.yaml
id: generate-jwt-helper-functions

info:
  name: RAW Template with generate_jwt Helper Functions
  author: dwisiswant0
  severity: info

variables:
  json: |
    {
      "name": "John Doe",
      "foo": "bar"
    }
  json_compact: |
    {"name": "John Doe","foo": "bar"}
  maxAge: '{{to_unix_time("2034-12-30T16:30:10+00:00")}}'

requests:
  - raw:
      - |+ # With none algorithm
        GET /generate_jwt-none HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "nOnE")}}

      - |+ # With none algorithm
        GET /generate_jwt-none HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "nONe")}}
./nuclei -u https://scanme.sh -t ~/test/jwtfuzz.yaml -debug-req

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.6

		projectdiscovery.io

[INF] Using Nuclei Engine 2.8.6 (latest)
[INF] Using Nuclei Templates 9.3.4 (latest)
[INF] Templates added in last update: 15
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[INF] [generate-jwt-helper-functions] Dumped HTTP request for https://scanme.sh/generate_jwt-none

GET /generate_jwt-none HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
Connection: close
Authorization: Bearer eyJhbGciOiJuT25FIiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.
Accept-Encoding: gzip

[INF] [generate-jwt-helper-functions] Dumped HTTP request for https://scanme.sh/generate_jwt-none

GET /generate_jwt-none HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F
Connection: close
Authorization: Bearer eyJhbGciOiJuT05lIiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.
Accept-Encoding: gzip

[INF] No results found. Better luck next time!
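As an added example, not code from this PR or from nuclei itself: a stand-alone Go program that models the helpers described at the top of the thread (json_minify, and generate_jwt in the HS256, none/nOnE, empty-algorithm and maxAge cases exercised by the test templates above) using only the standard library, together with the receiving-side VerifyHS256 check that refuses an unsigned token whatever the spelling of none, compares the HMAC in constant time and enforces exp. The function names, the maxAge <= 0 "not given" convention and the handling of an empty algorithm are assumptions; json_prettify is omitted here. The sample claims and the "hello-world" key come from the thread's template, and where the output is deterministic (header and payload segments, the unsigned tokens) it matches the Authorization headers dumped above.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Constructed sample input: the `json` variable from the template in this thread.
const sampleJSON = `{
  "name": "John Doe",
  "foo": "bar"
}`

// JSONMinify models json_minify: re-encoding through a map strips whitespace and
// sorts keys, giving the {"foo":"bar","name":"John Doe"} body seen in the thread.
func JSONMinify(s string) (string, error) {
	var v interface{}
	if err := json.Unmarshal([]byte(s), &v); err != nil {
		return "", err
	}
	out, err := json.Marshal(v)
	return string(out), err
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func hs256(input, secret string) []byte {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(input))
	return mac.Sum(nil)
}

// GenerateJWT models generate_jwt(json, algorithm, signature, maxAge). Assumed rules,
// not the PR's code: maxAge <= 0 means not given; "" becomes "NONE"; any spelling of
// "none" is kept as given (the behaviour settled on above); anything else must be HS256.
func GenerateJWT(claimsJSON, alg, secret string, maxAge int64) (string, error) {
	var claims map[string]interface{}
	if err := json.Unmarshal([]byte(claimsJSON), &claims); err != nil {
		return "", fmt.Errorf("claims: %w", err)
	}
	if maxAge > 0 {
		claims["iat"] = time.Now().Unix()
		claims["exp"] = maxAge // absolute Unix time, as in the thread's exp claim
	}
	switch {
	case alg == "":
		alg = "NONE"
	case strings.EqualFold(alg, "none"): // keep the caller's spelling, e.g. "nOnE"
	case strings.EqualFold(alg, "HS256"):
		alg = "HS256"
	default:
		return "", fmt.Errorf("unsupported algorithm %q", alg)
	}
	// Sorted map keys give {"alg":...,"typ":"JWT"}, the order the thread's headers encode.
	hdr, _ := json.Marshal(map[string]string{"alg": alg, "typ": "JWT"})
	payload, _ := json.Marshal(claims) // cannot fail: claims came from json.Unmarshal
	signingInput := b64url(hdr) + "." + b64url(payload)
	if alg != "HS256" {
		return signingInput + ".", nil // unsigned token: empty third segment
	}
	return signingInput + "." + b64url(hs256(signingInput, secret)), nil
}

// VerifyHS256 is the receiving side's check: only alg HS256 is accepted, so unsigned
// none/nOnE tokens are refused whatever their case; HMACs are compared in constant time.
func VerifyHS256(token, secret string, now int64) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr map[string]string
	rawHdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(rawHdr, &hdr) != nil || hdr["alg"] != "HS256" {
		return nil, fmt.Errorf("rejected alg %q", hdr["alg"])
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, hs256(parts[0]+"."+parts[1], secret)) {
		return nil, errors.New("bad signature")
	}
	var claims map[string]interface{}
	rawClaims, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(rawClaims, &claims) != nil {
		return nil, errors.New("malformed claims")
	}
	if exp, ok := claims["exp"].(float64); ok && now >= int64(exp) {
		return nil, errors.New("token expired")
	}
	return claims, nil
}

func main() {
	fmt.Println(GenerateJWT(sampleJSON, "nOnE", "", 0)) // alg spelling preserved, unsigned
}
```

The point for anyone consuming tokens produced this way is on the verifier side: the generator deliberately emits whatever alg spelling it is given, so a server that dispatches on the header's alg value (or lowercases it before comparing) will treat nOnE as an unsigned token; pinning the expected algorithm, as VerifyHS256 does, is what closes that gap.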

@tarunKoyalwar
Member

Screenshot 2023-01-13 at 6 02 42 PM

@ehsandeep ehsandeep merged commit 94ec553 into projectdiscovery:dev Jan 15, 2023
@dwisiswant0 dwisiswant0 deleted the feat/helper/generate_jwt branch January 15, 2023 17:01