| [crypto] |
| # The sample RSA public and private keys are used to generate different tokens for testing. They can be simply generated |
| # with the command `make -f tools/certs/Makefile.selfsigned.mk sample-RSA`. |
| pubkey = sample-RSA-public.pem |
| privkey = sample-RSA-private.pem |
| jwks = |
| |
| [services] |
| jwt_tool_version = 2.2.3 |
| # To disable the proxy option set this value to: False (no quotes) |
| proxy = False |
| # Set this to the URL you are hosting your custom JWKS file - your own server, or maybe use this cheeky reflective URL (https://httpbin.org/base64/{base64-encoded_JWKS_here}) |
| jwksloc = |
| # Set this to the base URL of a Collaborator server, somewhere you can read live logs, a Request Bin etc. |
| httplistener = |
| |
| [customising] |
| useragent = Mozilla/5.0 (Windows NT 10.0; Win64; x64) jwt_tool |
| |
| [input] |
| wordlist = jwt-common.txt |
| commonHeaders = common-headers.txt |
| commonPayloads = common-payloads.txt |
| |
| [argvals] |
| # Set at runtime - changes here are ignored |
| sigType = |
| targetUrl = |
| cookies = |
| key = |
| keyList = |
| keyFile = |
| headerLoc = |
| payloadclaim = |
| headerclaim = |
| payloadvalue = |
| headervalue = |
| canaryvalue = |
| header = |
| exploitType = |
| scanMode = |
| reqMode = |
| postData = |
| resCode = |
| resSize = |
| resContent = |
