Comments (5)
Hello @floxcristian! Thanks for using this tool and opening an issue :)
Are you aware of the secret for this token? Does it contain only symbols from the default alphabet?
from jwt-cracker.
I just accidentally found this issue because I was troubleshooting another problem with JWT token parsing and "cracking"... and I just want to let you know that:
- the password for this JWT from above seems to be "casa" (without quotes)
- the problem is that the arguments for jwt-cracker are positional
- that (#2) implies that the "4" is seen as the "alphabet", not the maxlength
- you would need to specify the alphabet first e.g. "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" 4
- therefore, I would really suggest/recommend to make the command line user interface a little bit more flexible and allow to use command line arguments like --maxlength 4 and --alphabet "abcdef" to avoid these mistakes
The other problem I actually experienced (and this might be totally off-topic, sorry for that) is that jwt-cracker doesn't really have any (basic) JWT "validation" code... and therefore it tries to crack even hashes that are of a different "alg" type and with an invalid signature (too short in my case, truncated)... I know it's off-topic but it would be great if you could add some basic "validation" (because it's really bad if users spend dozens of hours trying to crack a JWT, just to find out that it's corrupted/malformed/truncated or whatever).
Thank you very much and I hope my debugging/explanation helps :)
cheers
from jwt-cracker.
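The basic validation requested in the comment above, as an added example (not jwt-cracker's code and not written by any commenter): a structural pre-flight check that rejects a token with the wrong `alg`, a truncated signature, or stray whitespace before any cracking time is spent. `preflight` and `makeToken` are hypothetical names, and the sample tokens are constructed.

```javascript
// Added example: structural pre-flight for an HS256 JWT before brute-forcing.
// preflight() and makeToken() are illustrative names, not jwt-cracker APIs.
const B64URL = /^[A-Za-z0-9_-]+$/;
const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Returns a list of problems; an empty list means the token is well formed.
function preflight(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    return [`expected 3 dot-separated segments, got ${parts.length}`];
  }
  const problems = [];
  parts.forEach((seg, i) => {
    // Catches empty segments, padding, and whitespace from wrapped copy/paste.
    if (!B64URL.test(seg)) problems.push(`segment ${i + 1} is not base64url`);
  });
  if (problems.length) return problems;

  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch {
    return ['header does not decode to JSON'];
  }
  if (header === null || typeof header !== 'object') return ['header is not a JSON object'];
  if (header.alg !== 'HS256') problems.push(`alg is ${header.alg}, not HS256`);

  // HMAC-SHA256 always yields 32 bytes; anything else is truncated or another alg.
  const sigLen = Buffer.from(parts[2], 'base64url').length;
  if (sigLen !== 32) problems.push(`signature is ${sigLen} bytes, HS256 needs 32`);
  return problems;
}

// Constructed sample tokens: the signature is filler bytes, not a real HMAC,
// because preflight() checks structure only and never needs the secret.
function makeToken(alg, sigBytes = 32) {
  const header = b64u(JSON.stringify({ alg, typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ sub: 'constructed', iat: 0 }));
  return `${header}.${payload}.${b64u(Buffer.alloc(sigBytes, 7))}`;
}

const good = makeToken('HS256');
console.log(preflight(good));                    // well-formed token
console.log(preflight(makeToken('RS256')));      // different "alg" type
console.log(preflight(makeToken('HS256', 16)));  // truncated signature
console.log(preflight(good.replace('.', ' .'))); // stray space inside the token
```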
Very good point! Thanks for taking the time to report this :)
I would love a contribution to address this issue if you have some spare time.
from jwt-cracker.
Specifying the command arguments advice really helped, thanks buddy, amazing tool
from jwt-cracker.
I don't know why it doesn't work.
jwt-cracker "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJma2ZmIiwiZW1haWwiOiJjZGNkQGRzZnMuY29tIiwibmFtZSI6ImZsZGZrZHNrZmQiLCJpYXQiOjE1OTI4MDE5MTZ9.Cvzj0tVtVGc60xvqLdyasYf6gF8QLi8HQCKlxw9nBk4" 4
SECRET NOT FOUND
Time taken (sec): 0.01
Attempts: 12
Hello, I have just discovered that the tool won't work if the key is base64 encoded, so I would suggest you decode the key first from whatever encoding scheme they have used, then try to crack it. Thanks
from jwt-cracker.