Supporting GET method

[gl4nce]

I know this is really bad practise, but currently I'm pentesting an API which is sending the JWT as a simple get parameter. JWT_Tool does not support this case. Maybe it can/should be added for such cases?

Thanks for this great tool!

[ticarpi]

Yes, I had this in a test the other week. I hacked a solution on the day, but I'll clean it up and add it to the next update. Thanks for the suggestion.

[gl4nce]

Sounds good. Thanks a lot for your fast reply and the announced solution. 👍

[dillonfranke]

@gl4nce I just added this functionality with 5f78b56d56da4000c73fe4867a5ca7a8e7e43e83, enjoy!!

[octoberfestuser]

Was this functionality removed? I'm only finding -pd option for POST DATA only, not get parameters. Either way, can we get some examples of how I should use the flag?

[dillonfranke]

Was this functionality removed? I'm only finding -pd option for POST DATA only, not get parameters. Either way, can we get some examples of how I should use the flag?

Hey @octoberfestuser, I submitted a pull request to add this functionality, but unfortunately it hasn't been merged in yet. You can pull down my fork though, which includes the functionality! https://github.com/dillonfranke/jwt_tool

Usage would be like this for parsing a token from a GET parameter:

python3 jwt_tool.py -t https://TARGET -gd "token=ey...." -M pb

[octoberfestuser]

@dillonfranke Thanks a lot man!! such a fast reply as well I'm impressed xd

[hugo-syn]

Any update on a merge to the main branch ? :)