Added handling of ambiguous data types in payload changes

Until now, numeric strings in payload changes was always converted to integers. Now, preceding a numeric string with a '%' sign, will return a the numeric string itself (stripped of the '%' sign). This is due, so the user is able to preserve the original data type for a specific value. Wiki updates are following
DontPanicO · Jan 30, 2021 · 909eab7 · 909eab7
1 parent 0255a4e
commit 909eab7
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/jwt-crack.py b/jwt-crack.py
@@ -1444,14 +1444,26 @@ def build_values(string):
         if "," in string:
             values = string.split(",")
             for i in range(len(values)):
+                if values[i].startswith("%"):
+                    values[i] = values[i].lstrip("%")
+                    continue
                 if values[i] == "":
                     values.remove(values[i])
+                    continue
                 if values[i] == "null":
                     values[i] = None
+                    continue
+                try:
+                    values[i] = int(values[i])
+                except ValueError:
+                    continue
             return values
         if string == "null":
             return None
-        return string
+        try:
+            return int(string)
+        except ValueError:
+            return string.lstrip("%")
 
     @staticmethod
     def change_payload_complex(string, iterable):
@@ -1624,7 +1636,8 @@ def run(self):
                         )
     parser.add_argument("-p", "--payload",
                         action="append", nargs="+",
-                        help="A claim you want to change in the payload and the value to issue, as key:value pairs. If value have to be a list, pass list items as comma separated values.",
+                        help="A claim you want to change in the payload and the value to issue, as key:value pairs. If value have to be a list, pass list items as comma separated values. " \
+                        "Numeric strings are always converted to integers. If you need to preserve the string data type, precedes it with a percent sign. It will be stripped and the string won't be converted to int",
                         metavar="<key>:<value>", required=False
                         )
     parser.add_argument("-d", "--decode", action="store_true",
@@ -1648,7 +1661,8 @@ def run(self):
                         metavar="<keyfile>", required=False
                         )
     parser.add_argument("--complex-payload", action="append", nargs="+",
-                        help="As --payload but for subclaims. Keys must be comma separated, and passed in cronological order. If value have to be a list, pass the list items as comma separated values",
+                        help="As --payload but for subclaims. Keys must be comma separated, and passed in cronological order. If value have to be a list, pass the list items as comma separated values. " \
+                        "Numeric strings are always converted to integers. If you need to preserve the string data type, precedes it with a percent sign. It will be stripped and the string won't be converted to int",
                         metavar="<key,key...>:<value>", required=False
                         )
     parser.add_argument("--remove-from", action="append", nargs="+",