jwt_tool icon indicating copy to clipboard operation
jwt_tool copied to clipboard

Published 20 hours ago verified publisher icon ticarpi

-T and -X k -pk do not seem to combine

Open donpellegrino opened this issue 3 years ago • 2 comments

In version 2.2.3, when -T is combined with -X k -pk, the output does not contain the tampered results. It seems these flags cannot be used together.

Workaround: Using -T alone works. The output from a -T run can then be used as the input for a -X k -pk run to get the desired results.

donpellegrino avatar Jul 04 '21 00:07 donpellegrino

Can confirm this. Workaround .. works ;)

Mr-MooMoo avatar Jul 13 '21 20:07 Mr-MooMoo

Can confirm both the issue and workaround for version 2.2.4.

This also occurs for the combination of -T and -X a on my end.

An easier way, instead of doing 2 calls to the script, is to use -I along with -pc/-pv or -hc/-hv if possible. This works in combination with the exploits and results in changing the signature as well as the encoded data, all in one go.

miguelpduarte avatar Sep 22 '21 09:09 miguelpduarte