Module: PWN::Plugins::OAuth2

Defined in:

lib/pwn/plugins/oauth2.rb

Overview

This plugin is somewhat of a hack used for extracting OAuth2 tokens from HTTP responses to be used for subsequent HTTP requests.

Class Method Summary

• .authors ⇒ Object

  Author(s)

  0day Inc.

• .decode(opts) ⇒ Object

  Supported Method Parameters

  PWN::Plugins::OAuth2.decode( oauth2_token: ‘required oauth2 token’ ).

• .get_value_by_key(opts) ⇒ Object

  Supported Method Parameters

  PWN::Plugins::OAuth2.get_value_by_key( oauth2_token: ‘required oauth2 token’, key: ‘required oauth2 token key name located within the Base64 encoded token as symbol, e.g. :company_id’ ).

• .help ⇒ Object

  Display Usage for this Module.

Class Method Details

.authors ⇒ Object

Author(s)

0day Inc. <support@0dayinc.com>

# File 'lib/pwn/plugins/oauth2.rb', line 45

public_class_method def self.authors
  "AUTHOR(S):
    0day Inc. <support@0dayinc.com>
  "
end

.decode(opts) ⇒ Object

Supported Method Parameters

PWN::Plugins::OAuth2.decode(

oauth2_token: 'required oauth2 token'

)

# File 'lib/pwn/plugins/oauth2.rb', line 16

public_class_method def self.decode(opts)
  oauth2_token = opts[:oauth2_token]
  Base64.decode64(oauth2_token)
rescue StandardError => e
  raise e
end

.get_value_by_key(opts) ⇒ Object

Supported Method Parameters

PWN::Plugins::OAuth2.get_value_by_key(

oauth2_token: 'required oauth2 token',
key: 'required oauth2 token key name located within the Base64 encoded token as symbol, e.g. :company_id'

)

# File 'lib/pwn/plugins/oauth2.rb', line 29

public_class_method def self.get_value_by_key(opts)
  oauth2_token = opts[:oauth2_token]
  # Make sure we're receiving a symbol.  Convert to string first in case an int is passed.
  key = opts[:key].to_s.to_sym

  # Holy omg...strip out the ugly tail of this stuff.
  readable_oauth2_token = Base64.decode64(oauth2_token).match(/^(.*?)\]\}/).to_s

  json_oauth2_token_body = JSON.parse(readable_oauth2_token.split(/^\{(.*?)\}/)[-1], symbolize_names: true)
  json_oauth2_token_body[key]
rescue StandardError => e
  raise e
end

.help ⇒ Object

Display Usage for this Module

# File 'lib/pwn/plugins/oauth2.rb', line 53

public_class_method def self.help
  puts %{USAGE:
    #{self}.decode(oauth2_token: 'required oauth2 token')"

    #{self}.get_value_by_key(
      oauth2_token: 'required oauth2 token',
      key: 'required oauth2 token key name located within the Base64 encoded token as symbol, e.g. :company_id'
    )

    #{self}.authors
  }
end