v2.1.0

[+] NEW exploit: null signature (`-X n`) [+] NEW scanner mode: Inject Common Claims (`-M cc`) [+] additional checks in 'Playbook' scan mode (`-M pb`) [+] multiple custom headers now supported (`-rh`) [+] reflective JWKS URL created automatically in config file - for JKU/Spoof JWKS attacks (`-X s`) [+] checks added for old/incompatible config files [+] report on long HTTP response times Bugfixes: * fixed colours not working in Windows cmd/Powershell * fixed capitalisation issue in config file * fixed broken null signed kid attacks in ScanModePlaybook()
ticarpi · Nov 11, 2020 · bbaab18 · bbaab18
1 parent 6dc2a07
commit bbaab18
Show file tree

Hide file tree

Showing 4 changed files with 308 additions and 89 deletions.
diff --git a/README.md b/README.md
@@ -46,6 +46,13 @@ On first run the tool will generate a config file, some utility files, logfile,
 * In order to capture external service interactions - such as DNS lookups and HTTP requests - put your unique address for Burp Collaborator (or other alternative tools such as RequestBin) into the config file as the "httplistener" value.  
 ***Review the other options in the config file to customise your experience.***
 
+### Colour bug in Windows
+To fix broken colours in Windows cmd/Powershell: uncomment the below two lines in `jwt_tool.py` (remove the "# " from the beginning of each line)  
+You will also need to install colorama: `python3 -m pip install colorama`
+```
+# import colorama
+# colorama.init()
+```
 ---
 
 ## Usage
@@ -130,6 +137,21 @@ Head over to the [JWT Attack Playbook](https://github.com/ticarpi/jwt_tool/wiki)
 
 ## Version History/Changelog
 
+### v2.1.0
+* November 2020
+* Python 3.x
+* [+] NEW exploit: null signature (`-X n`)  
+* [+] NEW scanner mode: Inject Common Claims (`-M cc`)  
+* [+] additional checks in 'Playbook' scan mode (`-M pb`)  
+* [+] multiple custom headers now supported (`-rh`)  
+* [+] reflective JWKS URL created automatically in config file - for JKU/Spoof JWKS attacks (`-X s`)  
+* [+] checks added for old/incompatible config files  
+* [+] report on long HTTP response times  
+* Bugfixes:  
+  * fixed colours not working in Windows cmd/Powershell  
+  * fixed capitalisation issue in config file  
+  * fixed broken null signed kid attacks in ScanModePlaybook()  
+
 ### v2.0
 * October 2020
 * Python 3.x

diff --git a/common-headers.txt b/common-headers.txt
@@ -0,0 +1,5 @@
+typ
+jku
+kid
+x5u
+x5t
diff --git a/common-payloads.txt b/common-payloads.txt
@@ -0,0 +1,60 @@
+iss
+sub
+aud
+exp
+nbf
+iat
+jti
+name
+given_name
+family_name
+middle_name
+nickname
+preferred_username
+profile
+picture
+website
+email
+email_verified
+gender
+birthdate
+zoneinfo
+locale
+phone_number
+phone_number_verified
+address
+updated_at
+azp
+nonce
+auth_time
+at_hash
+c_hash
+acr
+amr
+sub_jwk
+cnf
+sip_from_tag
+sip_date
+sip_callid
+sip_cseq_num
+sip_via_branch
+orig
+dest
+mky
+events
+toe
+txn
+rph
+sid
+vot
+vtm
+attest
+origid
+act
+scope
+client_id
+may_act
+jcard
+at_use_nbr
+div
+opt
-Original file line number
+Diff line change
@@ -0,0 +1,5 @@
+    typ
+    jku
+    kid
+    x5u
+    x5t