# Pre-scan sanity checks run before any tampered tokens are tested: send the
# original token, optionally confirm a "canary" string in the response, send a
# token whose signature has been shortened, then send the original again.
# NOTE(review): this excerpt has lost its indentation and appears to omit
# lines. `origResCode` is compared further down but never assigned here, and
# the second warning's guarding condition is not visible. Restore the nesting
# from the full file before relying on the control flow shown.

# Baseline request with the unmodified token.
# presumably jwtOut() sends the request and records the response in
# config['argvals'] (rescontent / rescode) - confirm against jwtOut.
jwtOut(jwt,"Prescan: original token","Prescan: original token")
# Canary check: only performed when a canary value was configured.
if config['argvals']['canaryvalue']:
# NOTE(review): `notin` is presumably `not in` with its whitespace lost.
# The canary is searched for in the stored response content. Its absence
# suggests the token is invalid or the session has expired, which would make
# later comparisons meaningless.
if config['argvals']['canaryvalue']notin config['argvals']['rescontent']:
cprintc("Canary value ("+config['argvals']['canaryvalue']+") was not found in base request - check that this token is valid and you are still logged in","red")
shallWeGoOn =input("Do you wish to continue anyway? (\"Y\" or \"N\")")
# NOTE(review): this second warning concerns valid and missing-token requests
# returning the same status code, and recommends supplying a canary (-cv).
# Neither the missing-token request nor the comparison is visible in this
# excerpt. As shown, the first prompt's answer is overwritten before it is
# checked - verify against the full source.
cprintc("Valid and missing token requests return the same Status Code.\nYou should probably specify something from the page that identifies the user is logged-in (e.g. -cv \"Welcome back, ticarpi!\")","red")
shallWeGoOn =input("Do you wish to continue anyway? (\"Y\" or \"N\")")
# Abort with exit status 1 only on an exact "N" or "n". Any other answer,
# including an empty one, lets the scan continue.
if shallWeGoOn =="N":
exit(1)
elif shallWeGoOn =="n":
exit(1)
# Signature-verification probe: the signature loses its last four characters,
# so it should no longer match the signed content.
# presumably `contents` holds the encoded header.payload bytes and `sig` the
# encoded signature string - confirm where they are set.
jwtTweak = contents.decode()+"."+sig[:-4]
jwtOut(jwtTweak,"Prescan: Broken signature","This token was sent to check if the signature is being checked")
# Replay the original token to check that it still works after the invalid one.
jwtOut(jwt,"Prescan: repeat original token","Prescan: repeat original token")
# A different status code from the baseline suggests the target stopped
# accepting the original token after the invalid submission, so automated
# testing would need a fresh login after each invalid token.
# presumably config['argvals']['rescode'] now holds the replay's status code - confirm.
if origResCode != config['argvals']['rescode']:
cprintc("Original token not working after invalid submission. Testing will need to be done manually, re-authenticating after each invalid submission","red")