|
# pip install PyJWT |
|
# usage: decode_cookie.py [-h] -f COOKIE_FILE [-d] |
|
# examples: |
|
# § decode_cookie.py -f cookie.txt # Returns the JWT from cookie |
|
# § decode_cookie.py -f cookie.txt -d # Decodes the inner PIdToken as well |
|
# |
|
# Python tool that takes vouch-proxy cookie as input and returns decoded and decompressed, parsed JWT token |
|
# |
|
# optional arguments: |
|
# -h, --help show this help message and exit |
|
# -f COOKIE_FILE, --cookie-file COOKIE_FILE |
|
# File where your cookie is stored |
|
# -d, --decode-idtoken Decode the inner PIdToken value |
|
|
|
import base64 |
|
import gzip |
|
import jwt |
|
import pprint |
|
import argparse |
|
import sys |
|
|
|
def decode_and_decompress_cookie(encgzipss: str) -> str: |
|
url_safe_base64_decoded_string = base64.urlsafe_b64decode(encgzipss) |
|
gzip_decompressed_string = gzip.decompress(url_safe_base64_decoded_string).decode('UTF-8') |
|
jwt_decoded_object = jwt.decode(gzip_decompressed_string, algorithms=['HS256'], options={"verify_signature": False}) |
|
return jwt_decoded_object |
|
|
|
def main(): |
|
parser = argparse.ArgumentParser(description='Python tool that takes vouch-proxy cookie as input and returns decoded and decompressed, parsed JWT token') |
|
parser.add_argument('-f','--cookie-file', type=str, help='File where your cookie is stored', required=True) |
|
parser.add_argument('-d', '--decode-idtoken', action='store_true', help='Decode the inner PIdToken value', required=False) |
|
args = vars(parser.parse_args()) |
|
|
|
with open(args['cookie_file']) as f: |
|
decoded_jwt = decode_and_decompress_cookie(f.readlines()[0]) |
|
if args['decode_idtoken']: |
|
decoded_jwt['PIdToken'] = jwt.decode(decoded_jwt['PIdToken'], algorithms=['HS256'], options={"verify_signature": False}) |
|
pprint.pprint(decoded_jwt) |
|
|
|
if __name__ == '__main__': |
|
sys.exit(main()) |
