Add generate_jwt & json_{minify,prettify} helper functions #3160
Because the input from Here is an update test case:
```yaml
# template.yaml
id: generate-jwt-helper-functions

info:
  name: RAW Template with generate_jwt Helper Functions
  author: dwisiswant0
  severity: info

variables:
  json: |
    {
      "name": "John Doe",
      "foo": "bar"
    }
  json_compact: |
    {"name": "John Doe","foo": "bar"}
  maxAge: '{{to_unix_time("2034-12-30T16:30:10+00:00")}}'

requests:
  - raw:
      - |+ # Generate JWT & minify the JSON data
        POST /generate_jwt HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "HS256", "hello-world")}}
        X-Notes: This-JWT-should-be-the-same-as-the-JSON-compact-data-in-the-request-below

        {{json_minify(json)}}

      - |+ # Generate JWT with compact data & prettify
        POST /generate_jwt-prettify HTTP/1.1
        Authorization: Bearer {{generate_jwt(json_compact, "HS256", "hello-world")}}
        X-Notes: This-JWT-should-be-the-same-as-the-normal-JSON-data-in-the-request-above

        {{json_prettify(json_compact)}}

      - |+ # With none algorithm
        GET /generate_jwt-none HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "nOnE")}}

      - |+ # With empty signature
        GET /generate_jwt-empty-signature HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "HS256", "")}}

      - |+ # With max age defined
        GET /generate_jwt-max-age HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "HS256", "hello-world", maxAge)}}
```
```console
$ go run cmd/nuclei/main.go -duc -t template.yaml -debug-req -u http://localhost

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.6

        projectdiscovery.io

[INF] Using Nuclei Engine 2.8.6 (outdated)
[INF] Using Nuclei Templates (outdated)
[INF] Templates added in last update: 0
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[INF] [generate-jwt-helper-functions] Dumped HTTP request for http://localhost/generate_jwt

POST /generate_jwt HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.EsrL8lIcYJR_Ns-JuhF3VCllCP7xwbpMCCfHin_WT6U
X-Notes: This-JWT-should-be-the-same-as-the-JSON-compact-data-in-the-request-below

{"foo":"bar","name":"John Doe"}

[INF] [generate-jwt-helper-functions] Dumped HTTP request for http://localhost/generate_jwt-prettify

POST /generate_jwt-prettify HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.EsrL8lIcYJR_Ns-JuhF3VCllCP7xwbpMCCfHin_WT6U
X-Notes: This-JWT-should-be-the-same-as-the-normal-JSON-data-in-the-request-above

{
    "name": "John Doe",
    "foo": "bar"
}

[INF] [generate-jwt-helper-functions] Dumped HTTP request for http://localhost/generate_jwt-none

GET /generate_jwt-none HTTP/1.1
Authorization: Bearer eyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.

[INF] [generate-jwt-helper-functions] Dumped HTTP request for http://localhost/generate_jwt-empty-signature

GET /generate_jwt-empty-signature HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.mba3WxAJP0ExW7yzDTAG3jslEQj5HfhBos6bD0R6ABQ

[INF] [generate-jwt-helper-functions] Dumped HTTP request for http://localhost/generate_jwt-max-age

GET /generate_jwt-max-age HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE2NzMwODY4OTgsImV4cCI6MjA1MTEwOTAxMH0.d_HzXqMXnKN1KXVQszwQIStAFv3nIPba1qUs-9KS3iA

[INF] No results found. Better luck next time!
```
lgtm!
Things to Note
```console
                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.6

        projectdiscovery.io

[INF] Using Nuclei Engine 2.8.6 (latest)
[INF] Using Nuclei Templates 9.3.4 (latest)
[INF] Templates added in last update: 15
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[INF] [generate-jwt-helper-functions] Dumped HTTP request for https://scanme.sh/generate_jwt

POST /generate_jwt HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Connection: close
Content-Length: 33
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.EsrL8lIcYJR_Ns-JuhF3VCllCP7xwbpMCCfHin_WT6U
X-Notes: This-JWT-should-be-the-same-as-the-JSON-compact-data-in-the-request-below
Accept-Encoding: gzip

{"foo":"bar","name":"John Doe"}

POST /generate_jwt-prettify HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Connection: close
Content-Length: 47
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.EsrL8lIcYJR_Ns-JuhF3VCllCP7xwbpMCCfHin_WT6U
X-Notes: This-JWT-should-be-the-same-as-the-normal-JSON-data-in-the-request-above
Accept-Encoding: gzip

{
    "name": "John Doe",
    "foo": "bar"
}

GET /generate_jwt-none HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Authorization: Bearer eyJhbGciOiJOT05FIiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.
Accept-Encoding: gzip

GET /generate_jwt-empty-signature HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
Connection: close
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.mba3WxAJP0ExW7yzDTAG3jslEQj5HfhBos6bD0R6ABQ
Accept-Encoding: gzip

GET /generate_jwt-max-age HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
Connection: close
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE2NzM2MTAyNTUsImV4cCI6MjA1MTEwOTAxMH0.9Tc-zNnc0IpVfnnLrUDLUB2WDZODj5lz1mVqkwswdeI
Accept-Encoding: gzip
```
I regret to inform you that the notes provided require correction. If the supplied
@dwisiswant0, if I am not wrong, if I want alg type to be
@dwisiswant0, I explicitly wanted to mention the above case, but I have also updated my earlier comment
Minor Improvements
```yaml
# template.yaml
id: generate-jwt-helper-functions

info:
  name: RAW Template with generate_jwt Helper Functions
  author: dwisiswant0
  severity: info

variables:
  json: |
    {
      "name": "John Doe",
      "foo": "bar"
    }
  json_compact: |
    {"name": "John Doe","foo": "bar"}
  maxAge: '{{to_unix_time("2034-12-30T16:30:10+00:00")}}'

requests:
  - raw:
      - |+ # With none algorithm
        GET /generate_jwt-none HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "nOnE")}}

      - |+ # With none algorithm
        GET /generate_jwt-none HTTP/1.1
        Authorization: Bearer {{generate_jwt(json, "nONe")}}
```

```console
./nuclei -u https://scanme.sh -t ~/test/jwtfuzz.yaml -debug-req

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.6

        projectdiscovery.io

[INF] Using Nuclei Engine 2.8.6 (latest)
[INF] Using Nuclei Templates 9.3.4 (latest)
[INF] Templates added in last update: 15
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[INF] [generate-jwt-helper-functions] Dumped HTTP request for https://scanme.sh/generate_jwt-none

GET /generate_jwt-none HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
Connection: close
Authorization: Bearer eyJhbGciOiJuT25FIiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.
Accept-Encoding: gzip

[INF] [generate-jwt-helper-functions] Dumped HTTP request for https://scanme.sh/generate_jwt-none

GET /generate_jwt-none HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F
Connection: close
Authorization: Bearer eyJhbGciOiJuT05lIiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ.
Accept-Encoding: gzip

[INF] No results found. Better luck next time!
```
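For the service receiving these requests, the cases exercised in this thread (mixed-case `none` headers, an empty HMAC secret) are handled by a verifier that pins the algorithm and key itself instead of trusting the token header. The following Go code is an added example, not code from this PR or from nuclei; `VerifyHS256`, `sign` and `b64` are names chosen here, `noneToken` is copied from the dump above, and `hello-world` is the sample secret from the template.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// noneToken is copied from a request dump in this thread (header alg "nOnE").
const noneToken = "eyJhbGciOiJuT25FIiwidHlwIjoiSldUIn0.eyJmb28iOiJiYXIiLCJuYW1lIjoiSm9obiBEb2UifQ."

var b64 = base64.RawURLEncoding

// sign returns the base64url HMAC-SHA256 of the signing input "header.payload".
func sign(in string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(in))
	return b64.EncodeToString(m.Sum(nil))
}

// VerifyHS256 pins the algorithm: non-empty key, header alg exactly "HS256".
func VerifyHS256(token string, key []byte) error {
	if len(key) == 0 {
		return errors.New("empty HMAC key refused")
	}
	parts := strings.Split(token, ".")
	var hdr struct{ Alg string `json:"alg"` }
	raw, err := b64.DecodeString(parts[0])
	if len(parts) != 3 || err != nil || json.Unmarshal(raw, &hdr) != nil {
		return errors.New("malformed token")
	}
	if hdr.Alg != "HS256" { // exact match, so "none", "NONE", "nOnE" all stop here
		return fmt.Errorf("alg %q not allowed", hdr.Alg)
	}
	if !hmac.Equal([]byte(sign(parts[0]+"."+parts[1], key)), []byte(parts[2])) {
		return errors.New("signature mismatch") // compared in constant time
	}
	return nil
}

func main() {
	key := []byte("hello-world") // sample secret from the thread's template
	in := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(`{"foo":"bar","name":"John Doe"}`))
	fmt.Println(VerifyHS256(in+"."+sign(in, key), key), VerifyHS256(noneToken, key))
}
```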
Proposed changes
This change defines several functions that manipulate JSON strings in different ways:
- `generate_jwt` function generates a JSON Web Token (JWT) using the claims provided in a JSON string, the signature, and the specified algorithm.
- `json_minify` function minifies a JSON string by removing unnecessary whitespace.
- `json_prettify` function prettifies a JSON string by adding indentation.

Checklist