fork download
  1. def preScan():
  2. cprintc("Running prescan checks...", "cyan")
  3. jwtOut(jwt, "Prescan: original token", "Prescan: original token")
  4. if config['argvals']['canaryvalue']:
  5. if config['argvals']['canaryvalue'] not in config['argvals']['rescontent']:
  6. cprintc("Canary value ("+config['argvals']['canaryvalue']+") was not found in base request - check that this token is valid and you are still logged in", "red")
  7. shallWeGoOn = input("Do you wish to continue anyway? (\"Y\" or \"N\")")
  8. if shallWeGoOn == "N":
  9. exit(1)
  10. elif shallWeGoOn == "n":
  11. exit(1)
  12. origResSize, origResCode = config['argvals']['ressize'], config['argvals']['rescode']
  13. jwtOut("null", "Prescan: no token", "Prescan: no token")
  14. nullResSize, nullResCode = config['argvals']['ressize'], config['argvals']['rescode']
  15. if config['argvals']['canaryvalue'] == "":
  16. if origResCode == nullResCode:
  17. cprintc("Valid and missing token requests return the same Status Code.\nYou should probably specify something from the page that identifies the user is logged-in (e.g. -cv \"Welcome back, ticarpi!\")", "red")
  18. shallWeGoOn = input("Do you wish to continue anyway? (\"Y\" or \"N\")")
  19. if shallWeGoOn == "N":
  20. exit(1)
  21. elif shallWeGoOn == "n":
  22. exit(1)
  23. jwtTweak = contents.decode()+"."+sig[:-4]
  24. jwtOut(jwtTweak, "Prescan: Broken signature", "This token was sent to check if the signature is being checked")
  25. jwtOut(jwt, "Prescan: repeat original token", "Prescan: repeat original token")
  26. if origResCode != config['argvals']['rescode']:
  27. cprintc("Original token not working after invalid submission. Testing will need to be done manually, re-authenticating after each invalid submission", "red")
  28. exit(1)
Success #stdin #stdout 0.02s 7208KB
stdin
Standard input is empty
stdout
Standard output is empty