forked from V9Y1nf0S3C/BurpExtension-JWT-4-session-handling
-
Notifications
You must be signed in to change notification settings - Fork 0
/
jwt_2_set_jwt.py
150 lines (115 loc) · 4.51 KB
/
jwt_2_set_jwt.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
"""
By: V9Y1nf0S3C (https://github.com/V9Y1nf0S3C/)
Purpose:
1.Get the access_token from the Burp cookie jar
2.Set the access_token in burp request (Session handling Rules)
Scope: as defined in Session handling Rules
This script is modified from the below reference as per my needs.
Ref:
https://www.ryanwendel.com/2019/09/07/using-burp-suites-cookie-jar-for-json-web-tokens/
"""
# python imports
import re
import sys
# Burp specific imports
from burp import IBurpExtender
from burp import ISessionHandlingAction
from burp import ICookie
import datetime
# For using the debugging tools from
# https://github.com/securityMB/burp-exceptions
try:
from exceptions_fix import FixBurpExceptions
except ImportError:
pass
class Cookie(ICookie):
def getDomain(self):
return self.cookie_domain
def getPath(self):
return self.cookie_path
def getExpiration(self):
return self.cookie_expiration
def getName(self):
return self.cookie_name
def getValue(self):
return self.cookie_value
def __init__(self, cookie_domain=None, cookie_name=None, cookie_value=None, cookie_path=None, cookie_expiration=None):
self.cookie_domain = cookie_domain
self.cookie_name = cookie_name
self.cookie_value = cookie_value
self.cookie_path = cookie_path
self.cookie_expiration = cookie_expiration
class BurpExtender(IBurpExtender, ISessionHandlingAction):
#
# Define config and gui variables
#
cookieName = 'access_token'
cookieDomain = 'localhost'
header_name = 'Authorization: Bearer'
#
# Define some cookie functions
#
def deleteCookie(self, domain, name):
cookies = self.callbacks.getCookieJarContents()
for cookie in cookies:
#self.stdout.println("%s = %s" % (cookie.getName(), cookie.getValue()))
if cookie.getDomain() == domain and cookie.getName() == name:
cookie_to_be_nuked = Cookie(cookie.getDomain(), cookie.getName(), None, cookie.getPath(), cookie.getExpiration())
self.callbacks.updateCookieJar(cookie_to_be_nuked)
break
def createCookie(self, domain, name, value, path=None, expiration=None):
cookie_to_be_created = Cookie(domain, name, value, path, expiration)
self.callbacks.updateCookieJar(cookie_to_be_created)
def setCookie(self, domain, name, value):
cookies = self.callbacks.getCookieJarContents()
for cookie in cookies:
#self.stdout.println("%s = %s" % (cookie.getName(), cookie.getValue()))
if cookie.getDomain() == domain and cookie.getName() == name:
cookie_to_be_set = Cookie(cookie.getDomain(), cookie.getName(), value, cookie.getPath(), cookie.getExpiration())
self.callbacks.updateCookieJar(cookie_to_be_set)
break
def getCookieValue(self, domain, name):
cookies = self.callbacks.getCookieJarContents()
for cookie in cookies:
#self.stdout.println("%s = %s" % (cookie.getName(), cookie.getValue()))
if cookie.getDomain() == domain and cookie.getName() == name:
return cookie.getValue()
#
# implement IBurpExtender
#
def registerExtenderCallbacks(self, callbacks):
# keep a reference to our callbacks object
self.callbacks = callbacks
# obtain an extension helpers object
self.helpers = callbacks.getHelpers()
# set our extension name
callbacks.setExtensionName("V9Y-JWT(2)-Set JWT(update request)")
# register ourselves a Session Handling Action
callbacks.registerSessionHandlingAction(self)
# Used by the custom debugging tools
sys.stdout = callbacks.getStdout()
print("DEBUG: V9Y-JWT(2)-Set JWT(update request) - Enabled!")
return
#
# Implement ISessionHandlingAction
#
def getActionName(self):
return "V9Y-JWT(2)-Set JWT(update request)"
def performAction(self, current_request, macro_items):
# grab some stuff from the current request
req_text = self.helpers.bytesToString(current_request.getRequest())
# grab jwt from cookie jar
jwt = self.getCookieValue(self.cookieDomain, self.cookieName)
# does a value exist yet?
if jwt != None:
# replace the old token with the stored value
header_replace = "%s %s" % (self.header_name, jwt)
req_text = re.sub(r"\r\n" + self.header_name + ".*\r\n", "\r\n" + header_replace + "\r\n" , req_text)
# set the current request
current_request.setRequest(self.helpers.stringToBytes(req_text))
print("[" + datetime.datetime.now().strftime(
"%Y-%m-%d %H:%M:%S") + "] JWT token fetched from Burp Cookie jar & updated the request. Token: " + header_replace[-90:] )
try:
FixBurpExceptions()
except:
pass