TokenLook ‐ TokenUse

Introduction

This directory inside the main repository contains source code files and configuration files, which will use the JWT tokens to perform mail related actions.

The main.py file

• This is the main source file which calls multiple methods and functions which are implemented in the tokenlook.py file
• The file is intended for the command line interface of the tool, and currently takes no command line arguments

The tokenlook.py file

• Source code implementing most API methods of the Outlook REST API.
• Also implements other misc functions used in the main.py file
• This file has reusable classes and functions, they will also be used in the app.py, which is the WebUI version of the tool

The app.py file

• WebUI implementation of the TokenLook tool

The tokenlook_config.json configuration file

• The example structure of the JSON configuration is below

{
  "current_jwt": ["JWT-VALUE1", "JWT-VALUE2"],
  "data_dir": "local_data",
  "proxy": ["http://127.0.0.1:8080", "PROXY2", "PROX3"],
  "mail_numb": 10,
  "keyword_search": ["pass", "username", "credentials", "key"]
}

• current_jwt : specify single or multiple JWT token values, the token values could be for different user accounts
• data_dir: specify the directory path to which the tool will save emails extracted in JSON format, as well as attachments extracted on demand
• proxy: specify the proxy to tunnel traffic through, leave empty to avoid using any proxy. Useful for debugging traffic, by using proxies such as BurpSuite
• mail_num: specify the maximum number of emails to extract, minimum value requirement is 10. Note that the tool extracts the emails universally, without specifying any specific folder such as Inbox or DRAFT. The maximum number specified here will be extracted globally, combined from all folders.
• keyword_search: specify a list of words to search inside the extracted emails, useful for scenarios such as looking for clear text credentials inside email content

Example execution

• When the tool is run for the first time, it will start with each JWT token present in the current_jwt list in the config file.
• For each JWT user context, the tool will extract the maximum number of emails specified by the mail_numb in the config file and then run the Send-Email --> Key-Search menus.
• If there are multiple JWT user contexts the flow is repeated for each user context.
  • In a future update, we will add initial check, which will loop through all JWT tokens present in the list, provide user with option to select the user context to use and then it will run the remaining flow including Send-Email and Key-Search menu against that particular user context.
• Below is a test run of tool

The Send-Email menu

• Once the tool is finished extracting number of emails specified in the config file for all the JWT user contexts
• It will automatically run the Send-Email menu
• The Send-Email menu is what allows the user to perform various mail related action
• Currently the menu has 18 options out of which 16 are mail related activities

Send Email without attachment - Menu option1

Send Email with attachment - Menu option2

Reply to a message (standard single reply) - Menu option3

Reply all to a message (reply all (same as mail app)) - Menu option4

Create a draft message without attachment (saved to the Drafts folder) - Menu option5

Send a draft message - Menu option6

Delete mail messages (Permanently Deleted) - Menu option7

Get current auto reply settings (view current auto reply settings) - Menu option8

Schedule auto reply [e.g OOO] - Menu option9

Get email attachment(s) - Menu option10

Delete email attachment(s) (Permanently Deleted) - Menu option11

Get folder collection (Get Info on all the Folders in mail client) - Menu option12

Create new folder - Menu option13

Update folder - Menu option14

Delete folder - Menu option15

Move or Copy folder - Menu option16

The Key-Search menu