├── .gitignore ├── jwt-signature-apis-challenges ├── secrets │ └── keyfile.txt ├── package.json ├── webkeys │ ├── jwks.json │ └── certificate_x509.crt ├── certificate │ ├── public_key_kca.crt │ ├── certificate_kia.crt │ ├── certificate_x509.crt │ ├── temp_x5u.cert │ ├── attacker_certificate_kia.crt │ ├── certificate_kca.crt │ ├── private_key_kca.key │ ├── private_key_kia.key │ ├── private_key_x509.key │ └── attacker_private_key_kia.key ├── app.js └── package-lock.json ├── README.md └── JWT-attacks.postman_collection.json /.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/secrets/keyfile.txt: -------------------------------------------------------------------------------- 1 | 6184c84adcf5aafe03ff35dd46e706264ff395fcc96ca6ff04444009aa9f03e8 2 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jwt-explotation-practices", 3 | "version": "1.0.0", 4 | "description": "APIs aimed to learn to exploit JWTs", 5 | "main": "app.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "OnSecRU", 10 | "license": "ISC", 11 | "dependencies": { 12 | "@chilkat/ck-node12-linux64": "^9.50.83", 13 | "child_process": "^1.0.2", 14 | "crypto": "^1.0.1", 15 | "express": "^4.17.1", 16 | "jsonwebtoken": "^8.5.1", 17 | "jwk-to-pem": "^2.0.4", 18 | "node-jose": "^1.1.4", 19 | "openssl-nodejs": "^1.0.5", 20 | "request": "^2.88.2" 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/webkeys/jwks.json: -------------------------------------------------------------------------------- 1 | { 2 | "kty": "RSA", 3 | "kid": "key-0", 4 | "use": "sig", 5 | "e": "AQAB", 6 | "n": "2_AgfALcXXh5eYJRPOS4szQTATmzpK3Fx0Yny3ktek8XkBwmupxF-y6dWRmtg7L1_Ynjczg218VzcH4CNxhHBcZORh7uunWvZnGI31Tgq0wORMU8srNOwrDRDgfFqtzxfb3YhTchzqX9xpfaU-FCp9iFDge8WNAsDQhRofKV96uJmlyyM7Xo6SMhPv1gjKv6oyTvJ0mBncAJOpqLuV9Vj6Cr42LQd6IjW7se-6xzalkVkj4ZoYJAkBpqueh9ZJV87O2FHRF41Q3wc9yIIcttAAGH_YOgFlMIi3ORDJdqlEGondjwj2q22KcnsGiRRZE98nYVpi4WbvD-4vvpFU_8EhttMz1DQ4IQ6koP8-nzKIlZgddupXgCzk6M9yQZ9dJX1H76P3hnCNcGA2CT3-cjq4jjnh9K8nmLio2bW3-c2EIgrnpLUORy3_F0U5CS22UjCZWmeUkR0J8H3bByOfoP5iw5Bqk6Ovxtt5QWo5jsowNZ9g4TPfi4EBtiLUfWTITv-FWC9i1Jv-sqz6zwM6vthHv47anpp_cBZLk2VCqEF1YQm_Pa_p3_cSDI22KDvrHWZ8xr04srqQWoakicYawcons1GCirilQyjRFsDuGra1l7ad1MkoUKIy2iCzJPpTQ5mem_e654sh4XIrNa99neaClhLoIGLXs5YbWz4eweHQU" 7 | } 8 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/certificate/public_key_kca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqWBlX+jYtTdFDeVgxOPN 3 | gkDzbweKUeCxSaLwitOLc+xOyGZO+98TAvIZ43XEgaguQz4ZcVj5pEDCD5duhvwA 4 | BrOclGJXw1imIn+lLJm4MVlco17svSCZD+eSrbVOX58JDatRnZtYJuvcFHSe86yB 5 | tU5lyNUygPH3CLEk0qCiNvjH/E9M4gdLxGqbFt2Dw1j/Xk+AX2ITR04/CuwFKXqN 6 | mwHxEcBzRTkRVw9tYUKx/nhwLDB8AK4ihdEhG4LG0fxOOZCwzyskHB8fnLQ2+Iq1 7 | nEiwxYOdPP+XSl+A5Q3Iu5evEAAp+VncuxrQerdiFwclwyWRw/DdQDLhWIW2x8Ga 8 | DETALaKO2Jy17bb+T6wQRA60yZzZWG88ZntVxXt9Y3jexLd2rWsYl+8CWx+vVgEw 9 | x0UzqCAWIk+2f08zuRw1THzdsdZ0rg2yH42S5+Y9kMU5eI8F7inDaHd7cJrbYofs 10 | 0ssofFhskKsq/RrxZQ6lKRV1cUGTfgQsn0dK0l0gBShbS12qoDKMLZECqlwMcUMj 11 | C2/T+b0C1ZIbz7JwW4eTG2lkcPc4lZ8kavGOL7hqp3qHmni23++dketPBKHOzkLq 12 | E5ZVhbufQeQVEppj1kJCZ5T/k2XInTPL4a3Ul30RpxFgEht3oxCiyplnyrj6DSRt 13 | MbU65tu7iZsrjS8695dzb4cCAwEAAQ== 14 | -----END PUBLIC KEY----- 15 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/certificate/certificate_kia.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFqTCCA5GgAwIBAgIUO+k92XsJE1jr5TJ51o77L6+HY/EwDQYJKoZIhvcNAQEL 3 | BQAwZDELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA1ZJQzEMMAoGA1UEBwwDTUVMMQ8w 4 | DQYDVQQKDAZwdWJsaWMxDDAKBgNVBAMMA2p3dDEaMBgGCSqGSIb3DQEJARYLand0 5 | QGp3dC5jb20wHhcNMjAwNzE3MTAyNTAzWhcNMzAwNzE1MTAyNTAzWjBkMQswCQYD 6 | VQQGEwJBVTEMMAoGA1UECAwDVklDMQwwCgYDVQQHDANNRUwxDzANBgNVBAoMBnB1 7 | YmxpYzEMMAoGA1UEAwwDand0MRowGAYJKoZIhvcNAQkBFgtqd3RAand0LmNvbTCC 8 | AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvwIHwC3F14eXmCUTzkuLM0 9 | EwE5s6StxcdGJ8t5LXpPF5AcJrqcRfsunVkZrYOy9f2J43M4NtfFc3B+AjcYRwXG 10 | TkYe7rp1r2ZxiN9U4KtMDkTFPLKzTsKw0Q4Hxarc8X292IU3Ic6l/caX2lPhQqfY 11 | hQ4HvFjQLA0IUaHylferiZpcsjO16OkjIT79YIyr+qMk7ydJgZ3ACTqai7lfVY+g 12 | q+Ni0HeiI1u7Hvusc2pZFZI+GaGCQJAaarnofWSVfOzthR0ReNUN8HPciCHLbQAB 13 | h/2DoBZTCItzkQyXapRBqJ3Y8I9qttinJ7BokUWRPfJ2FaYuFm7w/uL76RVP/BIb 14 | bTM9Q0OCEOpKD/Pp8yiJWYHXbqV4As5OjPckGfXSV9R++j94ZwjXBgNgk9/nI6uI 15 | 454fSvJ5i4qNm1t/nNhCIK56S1Dkct/xdFOQkttlIwmVpnlJEdCfB92wcjn6D+Ys 16 | OQapOjr8bbeUFqOY7KMDWfYOEz34uBAbYi1H1kyE7/hVgvYtSb/rKs+s8DOr7YR7 17 | +O2p6af3AWS5NlQqhBdWEJvz2v6d/3EgyNtig76x1mfMa9OLK6kFqGpInGGsHKJ7 18 | NRgoq4pUMo0RbA7hq2tZe2ndTJKFCiMtogsyT6U0OZnpv3uueLIeFyKzWvfZ3mgp 19 | YS6CBi17OWG1s+HsHh0FAgMBAAGjUzBRMB0GA1UdDgQWBBTgt1DBVpVNddg9FGNi 20 | 4/Jmi3ZjWDAfBgNVHSMEGDAWgBTgt1DBVpVNddg9FGNi4/Jmi3ZjWDAPBgNVHRMB 21 | Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAi5ffROPLJXWaVgBBpZJwClA2c 22 | tCRP8Vk1MWpyWhAgEzQ+sIdiAYRxpSf2Kon8IWJOGNRoXdJeeJy9WoQ0d/fDjwkH 23 | 2vu4AN3roPUKJOhLTFLrK/4mh1qM3c+At6rJ0R1MPNsZCGFnLulj/FkIVA6SR2Y8 24 | opSU1+Q8keR7L9NCJ2qpBvQAd3Moaxh69A4ycZNCC72zWqM728LmiV+vsQa0Lmdv 25 | ybO3HPazNwriPisTtSM1cNz+Qn11A6sUqXj3C0XZyT2RyWDwStpuheQwO+jnKBwn 26 | lDPJ3sePY4ClVZiLyt1fC6DekxKoqGeE1Pswl/3UXMVFi5SY2agUhtoNLxBVAI8A 27 | zGBDefoZD1pvT9NzB7FI0kqyNTNoQOJkqVDiUW/pe4wj/4FUwBSC4ZEvV3Xnf+oC 28 | gaHpU6zbett8nv75Itd2VhRMQa2PNxvHIe5twWLBIxrsEmB+cuE0c4iRXoNaymf8 29 | 2WwM58wVq+AAVpTPMbNsufOvq2YqlFyWEg/TxJITJA6wts0VqjyXSywvs4uiAjwy 30 | TVzsmuxSA1vLAr/a3+AcwNI5yeWQLOZ0p0VbcvAZqCa1EXinf+kLIwVjaT1qBgLf 31 | jpYdSu+Y7LIztbqKFTQRz2qIIvLGJsha7xSlqg1Jd9EQDlGDjH7V1Pw277LZh1PP 32 | +R13oGGrq4B7Ehpqwg== 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/webkeys/certificate_x509.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFvzCCA6egAwIBAgIUDdp36IBZVcWcbqYC6h1wcZClc3cwDQYJKoZIhvcNAQEL 3 | BQAwbzELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA1ZJQzEMMAoGA1UEBwwDTWVsMQww 4 | CgYDVQQKDANKV1QxDDAKBgNVBAsMA0pXVDEMMAoGA1UEAwwDSldUMRowGAYJKoZI 5 | hvcNAQkBFgtqd3RAand0LmNvbTAeFw0yMDA3MTgwODQzNDNaFw0zMDA3MTYwODQz 6 | NDNaMG8xCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANWSUMxDDAKBgNVBAcMA01lbDEM 7 | MAoGA1UECgwDSldUMQwwCgYDVQQLDANKV1QxDDAKBgNVBAMMA0pXVDEaMBgGCSqG 8 | SIb3DQEJARYLand0QGp3dC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK 9 | AoICAQC17GkAhxY94JSXqsD88AIkNF8HIRzlY4pEJ8bDv3AIOb3TYR7/pPq1pBOd 10 | DsBfwg3EJh0stjJ0/ThJITEUj7hyostiCpnVXrDOcSVm34JPnI3AF7GxJEAxtC+/ 11 | uNXEa2oRWNRCxWLBAmsJ0EacP7jlsTFPcQ9IRJOwLh0qN+jFJpYiuu8ezL8Ss2cl 12 | o+OUt5xxhfjuLn4sIFc4rwQNxvtS5NmPZC9h05xFvhu1QWRuVgB18ao5X8Zef2bG 13 | gCOTJLIbAyopKQKL1UWQfmHi1N+GHVUXyUGrUD4dHA914GrDGFXEXQBetBxn6kIy 14 | EQ0ZriiwQfeM4WjSHV8Ixa4qaUCty5t7eroUHH6cqUeCVlcEUDFP1b9D80t9WTsp 15 | E+F6rmh6O4dXu5gagRoICjoKY8iQdUnifnHs/v58Xdzf14V+ZVmmEinXlmfpC2bf 16 | yO1ubZw4vgq1XBbw8Hv2pDLJuzAssJ0/ECDI7mzazC/GasSjfnAuW8GqcTuDD3Vj 17 | 8wLPRimUvxgXzU3XN6m8iEnizc2/Ah0bJlQ4L/lbcKM7tN2uAmE0cTnHTtDTp+3X 18 | 8gATsnU4Zbs3fixlKlu+3v3SGUpePJxMDtANONSWtoTtbqHYZM/QVKyLI5OqBoio 19 | wb/yxrxIa2tl4tFloBwLwBn0mjShw6cn6MCAOh1JNzGMKL13DQIDAQABo1MwUTAd 20 | BgNVHQ4EFgQUNGauJvzXjwdAjKinZb85LBp3x2YwHwYDVR0jBBgwFoAUNGauJvzX 21 | jwdAjKinZb85LBp3x2YwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC 22 | AgEATaAisJCxiMPoGY7hesDnmEAXNdjc2FNgSk3hSE1mQISbryy8puycbkpYijzP 23 | KOnc1H/NgAv3pxO2LDlGMghPUuU27yrzUDKwap45r9Ms+KM2tOAH0rv1j3Ldr1u6 24 | HO+p4MgmAB4lMybROyiGkCL3tBgf2Wh9xgept5ji9F+WMECSxGFKZQtR4gXcVuFw 25 | nl0qD0axxeiI/69He9nMMQtjzxJZ2Tf8Xkv5nHsE/5YxBZdRdrQ+u+IE26+f0uvw 26 | bjWU0F6eXNIos6L6Zomy5GznjRk1B6Jqv6xnfP10lLxhGmIuRTj8UHL/iBelH+Fx 27 | 2aNeKt5h1gvmEZzyUV7fCSPMmeLEzS0p2t9ROou4sd7cQZ9UzNWcQWnr2WQNxlaG 28 | 1He5a3ppDJ2pdctVMRZ1Pxzxlwfcu6AyDkgLlC2s3XZJMCtaiLP2PoAiYURNpWFL 29 | l0HbmbDwPdPgyIRC5mD3EbxQsQUFhrn+f8IYCThvJEjsx3YU4NsApPk6A2p6kBkm 30 | kvtZkqBj3eGtFGMWdzTAjTKP4EZbW8SXJGwUJa0aI+FCmWlNrkGNGQPOlz53QBz+ 31 | 2OXFmgObA/CqQ+c6f4fXLE2dmI/N6WSPpy+CdSiYrRK5veTdO/nH1ozA26KuIGZd 32 | nNKw+UojAn083/fBL6fgOefWH8Dk4gPzMBVZjcq0Yeq4REQ= 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/certificate/certificate_x509.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFvzCCA6egAwIBAgIUDdp36IBZVcWcbqYC6h1wcZClc3cwDQYJKoZIhvcNAQEL 3 | BQAwbzELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA1ZJQzEMMAoGA1UEBwwDTWVsMQww 4 | CgYDVQQKDANKV1QxDDAKBgNVBAsMA0pXVDEMMAoGA1UEAwwDSldUMRowGAYJKoZI 5 | hvcNAQkBFgtqd3RAand0LmNvbTAeFw0yMDA3MTgwODQzNDNaFw0zMDA3MTYwODQz 6 | NDNaMG8xCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANWSUMxDDAKBgNVBAcMA01lbDEM 7 | MAoGA1UECgwDSldUMQwwCgYDVQQLDANKV1QxDDAKBgNVBAMMA0pXVDEaMBgGCSqG 8 | SIb3DQEJARYLand0QGp3dC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK 9 | AoICAQC17GkAhxY94JSXqsD88AIkNF8HIRzlY4pEJ8bDv3AIOb3TYR7/pPq1pBOd 10 | DsBfwg3EJh0stjJ0/ThJITEUj7hyostiCpnVXrDOcSVm34JPnI3AF7GxJEAxtC+/ 11 | uNXEa2oRWNRCxWLBAmsJ0EacP7jlsTFPcQ9IRJOwLh0qN+jFJpYiuu8ezL8Ss2cl 12 | o+OUt5xxhfjuLn4sIFc4rwQNxvtS5NmPZC9h05xFvhu1QWRuVgB18ao5X8Zef2bG 13 | gCOTJLIbAyopKQKL1UWQfmHi1N+GHVUXyUGrUD4dHA914GrDGFXEXQBetBxn6kIy 14 | EQ0ZriiwQfeM4WjSHV8Ixa4qaUCty5t7eroUHH6cqUeCVlcEUDFP1b9D80t9WTsp 15 | E+F6rmh6O4dXu5gagRoICjoKY8iQdUnifnHs/v58Xdzf14V+ZVmmEinXlmfpC2bf 16 | yO1ubZw4vgq1XBbw8Hv2pDLJuzAssJ0/ECDI7mzazC/GasSjfnAuW8GqcTuDD3Vj 17 | 8wLPRimUvxgXzU3XN6m8iEnizc2/Ah0bJlQ4L/lbcKM7tN2uAmE0cTnHTtDTp+3X 18 | 8gATsnU4Zbs3fixlKlu+3v3SGUpePJxMDtANONSWtoTtbqHYZM/QVKyLI5OqBoio 19 | wb/yxrxIa2tl4tFloBwLwBn0mjShw6cn6MCAOh1JNzGMKL13DQIDAQABo1MwUTAd 20 | BgNVHQ4EFgQUNGauJvzXjwdAjKinZb85LBp3x2YwHwYDVR0jBBgwFoAUNGauJvzX 21 | jwdAjKinZb85LBp3x2YwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC 22 | AgEATaAisJCxiMPoGY7hesDnmEAXNdjc2FNgSk3hSE1mQISbryy8puycbkpYijzP 23 | KOnc1H/NgAv3pxO2LDlGMghPUuU27yrzUDKwap45r9Ms+KM2tOAH0rv1j3Ldr1u6 24 | HO+p4MgmAB4lMybROyiGkCL3tBgf2Wh9xgept5ji9F+WMECSxGFKZQtR4gXcVuFw 25 | nl0qD0axxeiI/69He9nMMQtjzxJZ2Tf8Xkv5nHsE/5YxBZdRdrQ+u+IE26+f0uvw 26 | bjWU0F6eXNIos6L6Zomy5GznjRk1B6Jqv6xnfP10lLxhGmIuRTj8UHL/iBelH+Fx 27 | 2aNeKt5h1gvmEZzyUV7fCSPMmeLEzS0p2t9ROou4sd7cQZ9UzNWcQWnr2WQNxlaG 28 | 1He5a3ppDJ2pdctVMRZ1Pxzxlwfcu6AyDkgLlC2s3XZJMCtaiLP2PoAiYURNpWFL 29 | l0HbmbDwPdPgyIRC5mD3EbxQsQUFhrn+f8IYCThvJEjsx3YU4NsApPk6A2p6kBkm 30 | kvtZkqBj3eGtFGMWdzTAjTKP4EZbW8SXJGwUJa0aI+FCmWlNrkGNGQPOlz53QBz+ 31 | 2OXFmgObA/CqQ+c6f4fXLE2dmI/N6WSPpy+CdSiYrRK5veTdO/nH1ozA26KuIGZd 32 | nNKw+UojAn083/fBL6fgOefWH8Dk4gPzMBVZjcq0Yeq4REQ= 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/certificate/temp_x5u.cert: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFzTCCA7WgAwIBAgIUc9OuTJOMr0d0N1oOB1pJg4nVK30wDQYJKoZIhvcNAQEL 3 | BQAwdjELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA1ZJQzEMMAoGA1UEBwwDTUVMMRMw 4 | EQYDVQQKDApKV1QgUHVibGljMQwwCgYDVQQLDANKV1QxDDAKBgNVBAMMA2p3dDEa 5 | MBgGCSqGSIb3DQEJARYLand0QGp3dC5jb20wHhcNMjAwNzE3MTM0NTQ5WhcNMzAw 6 | NzE1MTM0NTQ5WjB2MQswCQYDVQQGEwJBVTEMMAoGA1UECAwDVklDMQwwCgYDVQQH 7 | DANNRUwxEzARBgNVBAoMCkpXVCBQdWJsaWMxDDAKBgNVBAsMA0pXVDEMMAoGA1UE 8 | AwwDand0MRowGAYJKoZIhvcNAQkBFgtqd3RAand0LmNvbTCCAiIwDQYJKoZIhvcN 9 | AQEBBQADggIPADCCAgoCggIBANaP21yMxku0ZBgYsdU0NHokaDkgdwYGj+0pra7S 10 | R/+3OHG2TEShgQYWhavQH+34/I2YoQVLu/ry8duG72wddFARcM5CkCmFZ0+jvUk4 11 | WP8H6zM0LRB3dk+3S/dMvYi0pYMERTJ3FFsrGksK/cIg4crAQdErB8t9Wexm+LSq 12 | 4JeyBZDjaQaZaeewtX4f1zYWbSV/krXnBro7DkQgRPextbNfVrIm9iZOyUtxMsUA 13 | 5j1WuyGaQ9IaRtP1UgGfajVBp4lVn/f3KJxN9A0zT513eKFfIPOna2RNGtSy4IRT 14 | Ld08WmQJq08dxLxKgnP8TJB1Z7lbNLH9v+QMpcjQejjEy4vnYj9S4+C+6OADzuQu 15 | cIYDszs8zAhR8KEUyJ+y1IRQLmn7CYa+nMLjuJaLxzuSoYoWt+p3jdRlWvjfMcBy 16 | hyFDefITDm/Rwj870n4jBjirb11F9QS4QJib3mE0TbNiJ7nTHO3y5xsvA7Cy6lA9 17 | e05ThzKweTjIy40psunE+V5x51koNk6kcLUeUKIdE/sX7gjPSFlR5kx+NdozvXA5 18 | TwigbB/3w1sCRMjpsgzL0EOw54CITEFnOPdBDaIfbiuV3l7nWd+sxOkELeTBL+b8 19 | U88dAZZbK0mfHnSYMzT0eQxjFK6rxVqfsPLnWiVNGkPZzF9/AoblvhizMWUp9IJT 20 | AmxJAgMBAAGjUzBRMB0GA1UdDgQWBBSUuetXtgP4vpxxwSIIZrxpsAqw9DAfBgNV 21 | HSMEGDAWgBSUuetXtgP4vpxxwSIIZrxpsAqw9DAPBgNVHRMBAf8EBTADAQH/MA0G 22 | CSqGSIb3DQEBCwUAA4ICAQA7L0BfbzbFmZBB9MIr8zqr+1vMLmAYEv7M87XVFimA 23 | H4ULTMQt+a9tED/hRlmLS24XboP5UlljKrZu1J/wwmQw0WVPxmrrAD7255rQJT1K 24 | QuyL38ctvkqgJSVH4kptfPe/jhMiBWzQWO9Jp8dJ9m9+4hdS0Ku8ginhca+1wAcl 25 | xHEkSzFjhM5ndIyz2HYkdrlMyZ43oyyg0aGpCju0xtU1zlUMsRbsldQga2DjyJ0K 26 | Esz70DVLz/ramyqH+L9QnAJjy7rJs8LH3NFimJffQNzD9BM2lGfPBmbqSn905GWm 27 | CJQTR+7nbL1FZPgFRPae42irj+xpkCiUNYuA/CWLzhPZM2ffx8d5SrOYd+o0xrG+ 28 | WtDOrRVcobUdnhjghzaMzViVg5bAZaH8E60drHjH5YpEAZ0k4A6wTOECS9dKWvKz 29 | JI/0BFMd28reXEn6Q2+0J0rEb/nSnWfuCo/uRtihNgGR4Rsc+csOlPphU45FTyQg 30 | 0FUa7KsLTQztwagqAkJdoh4GYiW9d5N0Mas0Pm5H/R9BkpFer31PjC/YuMxs5C5W 31 | 3tBukTScRGnTOze3TZsUR4DUTcS5GgP333wB8ikybOV7tf6ZlniZZq2v8rQkCBS6 32 | er9yyNHL9602Hfq6wJQSyxqI6qT0ZlJx4mvE1n/tJizVsKgwhNv6HMwfDL4kdkXP 33 | tw== 34 | -----END CERTIFICATE----- 35 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/certificate/attacker_certificate_kia.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFzTCCA7WgAwIBAgIUc9OuTJOMr0d0N1oOB1pJg4nVK30wDQYJKoZIhvcNAQEL 3 | BQAwdjELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA1ZJQzEMMAoGA1UEBwwDTUVMMRMw 4 | EQYDVQQKDApKV1QgUHVibGljMQwwCgYDVQQLDANKV1QxDDAKBgNVBAMMA2p3dDEa 5 | MBgGCSqGSIb3DQEJARYLand0QGp3dC5jb20wHhcNMjAwNzE3MTM0NTQ5WhcNMzAw 6 | NzE1MTM0NTQ5WjB2MQswCQYDVQQGEwJBVTEMMAoGA1UECAwDVklDMQwwCgYDVQQH 7 | DANNRUwxEzARBgNVBAoMCkpXVCBQdWJsaWMxDDAKBgNVBAsMA0pXVDEMMAoGA1UE 8 | AwwDand0MRowGAYJKoZIhvcNAQkBFgtqd3RAand0LmNvbTCCAiIwDQYJKoZIhvcN 9 | AQEBBQADggIPADCCAgoCggIBANaP21yMxku0ZBgYsdU0NHokaDkgdwYGj+0pra7S 10 | R/+3OHG2TEShgQYWhavQH+34/I2YoQVLu/ry8duG72wddFARcM5CkCmFZ0+jvUk4 11 | WP8H6zM0LRB3dk+3S/dMvYi0pYMERTJ3FFsrGksK/cIg4crAQdErB8t9Wexm+LSq 12 | 4JeyBZDjaQaZaeewtX4f1zYWbSV/krXnBro7DkQgRPextbNfVrIm9iZOyUtxMsUA 13 | 5j1WuyGaQ9IaRtP1UgGfajVBp4lVn/f3KJxN9A0zT513eKFfIPOna2RNGtSy4IRT 14 | Ld08WmQJq08dxLxKgnP8TJB1Z7lbNLH9v+QMpcjQejjEy4vnYj9S4+C+6OADzuQu 15 | cIYDszs8zAhR8KEUyJ+y1IRQLmn7CYa+nMLjuJaLxzuSoYoWt+p3jdRlWvjfMcBy 16 | hyFDefITDm/Rwj870n4jBjirb11F9QS4QJib3mE0TbNiJ7nTHO3y5xsvA7Cy6lA9 17 | e05ThzKweTjIy40psunE+V5x51koNk6kcLUeUKIdE/sX7gjPSFlR5kx+NdozvXA5 18 | TwigbB/3w1sCRMjpsgzL0EOw54CITEFnOPdBDaIfbiuV3l7nWd+sxOkELeTBL+b8 19 | U88dAZZbK0mfHnSYMzT0eQxjFK6rxVqfsPLnWiVNGkPZzF9/AoblvhizMWUp9IJT 20 | AmxJAgMBAAGjUzBRMB0GA1UdDgQWBBSUuetXtgP4vpxxwSIIZrxpsAqw9DAfBgNV 21 | HSMEGDAWgBSUuetXtgP4vpxxwSIIZrxpsAqw9DAPBgNVHRMBAf8EBTADAQH/MA0G 22 | CSqGSIb3DQEBCwUAA4ICAQA7L0BfbzbFmZBB9MIr8zqr+1vMLmAYEv7M87XVFimA 23 | H4ULTMQt+a9tED/hRlmLS24XboP5UlljKrZu1J/wwmQw0WVPxmrrAD7255rQJT1K 24 | QuyL38ctvkqgJSVH4kptfPe/jhMiBWzQWO9Jp8dJ9m9+4hdS0Ku8ginhca+1wAcl 25 | xHEkSzFjhM5ndIyz2HYkdrlMyZ43oyyg0aGpCju0xtU1zlUMsRbsldQga2DjyJ0K 26 | Esz70DVLz/ramyqH+L9QnAJjy7rJs8LH3NFimJffQNzD9BM2lGfPBmbqSn905GWm 27 | CJQTR+7nbL1FZPgFRPae42irj+xpkCiUNYuA/CWLzhPZM2ffx8d5SrOYd+o0xrG+ 28 | WtDOrRVcobUdnhjghzaMzViVg5bAZaH8E60drHjH5YpEAZ0k4A6wTOECS9dKWvKz 29 | JI/0BFMd28reXEn6Q2+0J0rEb/nSnWfuCo/uRtihNgGR4Rsc+csOlPphU45FTyQg 30 | 0FUa7KsLTQztwagqAkJdoh4GYiW9d5N0Mas0Pm5H/R9BkpFer31PjC/YuMxs5C5W 31 | 3tBukTScRGnTOze3TZsUR4DUTcS5GgP333wB8ikybOV7tf6ZlniZZq2v8rQkCBS6 32 | er9yyNHL9602Hfq6wJQSyxqI6qT0ZlJx4mvE1n/tJizVsKgwhNv6HMwfDL4kdkXP 33 | tw== 34 | -----END CERTIFICATE----- 35 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/certificate/certificate_kca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIF2zCCA8OgAwIBAgIUbrT7N5cDOJ+jiVk73rvLLhoWIwMwDQYJKoZIhvcNAQEL 3 | BQAwfTELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA1ZJQzEMMAoGA1UEBwwDTUVMMQ8w 4 | DQYDVQQKDAZQdWJsaWMxDDAKBgNVBAsMA0pXVDEXMBUGA1UEAwwOand0Y2VydGlm 5 | aWNhdGUxGjAYBgkqhkiG9w0BCQEWC2p3dEBqd3Qub3JnMB4XDTIwMDcxNzAyMzUz 6 | N1oXDTMwMDcxNTAyMzUzN1owfTELMAkGA1UEBhMCQVUxDDAKBgNVBAgMA1ZJQzEM 7 | MAoGA1UEBwwDTUVMMQ8wDQYDVQQKDAZQdWJsaWMxDDAKBgNVBAsMA0pXVDEXMBUG 8 | A1UEAwwOand0Y2VydGlmaWNhdGUxGjAYBgkqhkiG9w0BCQEWC2p3dEBqd3Qub3Jn 9 | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqWBlX+jYtTdFDeVgxOPN 10 | gkDzbweKUeCxSaLwitOLc+xOyGZO+98TAvIZ43XEgaguQz4ZcVj5pEDCD5duhvwA 11 | BrOclGJXw1imIn+lLJm4MVlco17svSCZD+eSrbVOX58JDatRnZtYJuvcFHSe86yB 12 | tU5lyNUygPH3CLEk0qCiNvjH/E9M4gdLxGqbFt2Dw1j/Xk+AX2ITR04/CuwFKXqN 13 | mwHxEcBzRTkRVw9tYUKx/nhwLDB8AK4ihdEhG4LG0fxOOZCwzyskHB8fnLQ2+Iq1 14 | nEiwxYOdPP+XSl+A5Q3Iu5evEAAp+VncuxrQerdiFwclwyWRw/DdQDLhWIW2x8Ga 15 | DETALaKO2Jy17bb+T6wQRA60yZzZWG88ZntVxXt9Y3jexLd2rWsYl+8CWx+vVgEw 16 | x0UzqCAWIk+2f08zuRw1THzdsdZ0rg2yH42S5+Y9kMU5eI8F7inDaHd7cJrbYofs 17 | 0ssofFhskKsq/RrxZQ6lKRV1cUGTfgQsn0dK0l0gBShbS12qoDKMLZECqlwMcUMj 18 | C2/T+b0C1ZIbz7JwW4eTG2lkcPc4lZ8kavGOL7hqp3qHmni23++dketPBKHOzkLq 19 | E5ZVhbufQeQVEppj1kJCZ5T/k2XInTPL4a3Ul30RpxFgEht3oxCiyplnyrj6DSRt 20 | MbU65tu7iZsrjS8695dzb4cCAwEAAaNTMFEwHQYDVR0OBBYEFBPu4pOHxdu3HGiZ 21 | WTRbrNnKKfaiMB8GA1UdIwQYMBaAFBPu4pOHxdu3HGiZWTRbrNnKKfaiMA8GA1Ud 22 | EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADFlcCvodxbk3OSM70aPiXI1 23 | Cu3sqLUAozT0K/hYF0G3kE5N8sAsunvRrXHKxTRS6+FSCuV6G10t2uktMFZXh1ID 24 | dpWyi4E7wyPvntYCKW0i1fraab1ddMtyDx84MgGk9sqvectAQrpUvfA1WP+uTc/i 25 | 3pxgsjTAGU3NUNHe0teiBhnSLD9qKJNwdf+Zrdad7Kw9TJ6Gn6hgg5hqSXUdk3js 26 | 3JxJ4Q/+yvFpyrbocg+dK3hOBT2Xoi27hg+GGwvoOzcJaO+BWyFlXqNojz96/kPF 27 | GLJrvNCiZUVT7mtyKITfDCVrqhn9RXCGizoGM8hxIigNysqXq6YhW5oJiZpMwCW0 28 | Qv8SMV0a7XPlw4hJBSfNYXvRPZq7AvbNhosDznLUd641mbDI/hNA8HT2sM8aCTK4 29 | kV5LstShIHK+NK6yMo2X0eLbpSq5amCzi5b+iMkxRh4O2f8Rk6qta4xvTA7549Xd 30 | 93QlPRUdciSIFBX7nDIcyAtVGNfPeRHhN3yUiqLOXLNx8dTnVl4FxWWJw1MdugXe 31 | LElzpo3GxxBjR/HqKdZQgxJSr14UrkpSyI4oLvD3FNE5YT3hcWwLtNQlHyuWbwEM 32 | zrN4GDcszUwzWu7zknM5S3668o/Z+ezjEogyOT10yeFtXPmFqIJyL+2pA2dMaa49 33 | PrwM8IKqMdeX7z9yrZiU 34 | -----END CERTIFICATE----- 35 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Hacking Json Web Token Signature. 2 | 3 | ### Description. 4 | This repository contains a series of APIs that are vulnerable to the following JWT signature attacks: 5 | - none 6 | - weak secret key 7 | - key confusion 8 | - key injection 9 | - jwks spoofing 10 | - kid 11 | 12 | Each API is vulnerable to a specific attack and they are meant only for you to practice JWT attacks, therefore, there is not protection in place for any kind of attack you might like to launch at them. 13 | You do not need to look into the code to solve these challenges, however, you are very welcome to do so to further your understanding of these vulnerabilities. 14 | 15 | ### Instructions. 16 | #### Running the APIs 17 | 1. They run on linux and you need to install `Node.js` and `openssl` 18 | 2. The directory `jwt-signature-apis-challenges` contains the application with the APIs for the challenges. 19 | 3. Go into the directory `jwt-signature-apis-challenges` and install the dependencies with the command `sudo npm install` 20 | 4. Run the application with `sudo node app.js` (it runs on port 443) 21 | 22 | #### Postman file 23 | There is Postman file to help you starting with the APIs, follow these steps: 24 | 1. Import the file into [Postman](https://www.postman.com/) 25 | 2. Disable TLS/SSL verification on postman. The APIs use a self-signed x509 certificate. 26 | 3. There are 6 directories, each one for an specific JWT attack 27 | 4. Inside each directory, there are 2 APIs. 28 | - One named -obtain-token that returns an JWT and an endpoint. This endpoint is the URI where you should direct your tampered jwt to. 29 | - The other API is named -send-token it already contains the endpoint mentioned in -obtain-token and you should use it to verify whether you were successful in your attack with your tampered token. 30 | - Modify the given token, resign and send it. If you tampered token gets a Congrats!! response then you succeeded. 31 | - All the JWT vulnerabilities showed in this repository are for JWT verification bypass. The API containing the JWT kid attack is not. 32 | - If you like to see how a successful response to your attack looks like just send the same token you got from -obtain-token (As this is a valid token you should get a congrats reply) 33 | ### Tool to automate JWT attacks 34 | - [The Json Web Token Toolkit](https://github.com/ticarpi/jwt_tool) 35 | #### References 36 | - [JWT Introduction](https://jwt.io/introduction/) 37 | - [Methodology to attack JWTs](https://github.com/ticarpi/jwt_tool/wiki/Attack-Methodology) 38 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/certificate/private_key_kca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCpYGVf6Ni1N0UN 3 | 5WDE482CQPNvB4pR4LFJovCK04tz7E7IZk773xMC8hnjdcSBqC5DPhlxWPmkQMIP 4 | l26G/AAGs5yUYlfDWKYif6UsmbgxWVyjXuy9IJkP55KttU5fnwkNq1Gdm1gm69wU 5 | dJ7zrIG1TmXI1TKA8fcIsSTSoKI2+Mf8T0ziB0vEapsW3YPDWP9eT4BfYhNHTj8K 6 | 7AUpeo2bAfERwHNFORFXD21hQrH+eHAsMHwAriKF0SEbgsbR/E45kLDPKyQcHx+c 7 | tDb4irWcSLDFg508/5dKX4DlDci7l68QACn5Wdy7GtB6t2IXByXDJZHD8N1AMuFY 8 | hbbHwZoMRMAtoo7YnLXttv5PrBBEDrTJnNlYbzxme1XFe31jeN7Et3ataxiX7wJb 9 | H69WATDHRTOoIBYiT7Z/TzO5HDVMfN2x1nSuDbIfjZLn5j2QxTl4jwXuKcNod3tw 10 | mttih+zSyyh8WGyQqyr9GvFlDqUpFXVxQZN+BCyfR0rSXSAFKFtLXaqgMowtkQKq 11 | XAxxQyMLb9P5vQLVkhvPsnBbh5MbaWRw9ziVnyRq8Y4vuGqneoeaeLbf752R608E 12 | oc7OQuoTllWFu59B5BUSmmPWQkJnlP+TZcidM8vhrdSXfRGnEWASG3ejEKLKmWfK 13 | uPoNJG0xtTrm27uJmyuNLzr3l3NvhwIDAQABAoICAGvhN/BkkFKrx1HYfVAqgCSs 14 | VeCr/s+zu3fZTjg+ER5errc5YqlOJf/ET/Tud6DVi9HMZcwqDacuj+v6Wa2kKCgc 15 | kmh4UsnbVsW2Y3AK4KSd9EEiHss/Tf4xUt1NE4QX+V45dhxaa0UvCNgGh49QmrTu 16 | ICpQkIBMnTluCrQVF/zHbCkqIR/94aZS+EESCfCMaOqa3HrkLr9F+SVtusP2iObn 17 | z7Gs0D6Q4JiA/PvrzQ71iwy6POD6CIcO8nVhUF1CxFgp7lOleLRopmva5QBc6NuH 18 | +P90mtvVN3lpZuF9bBL/w8L/N7zYHZ0WsR7YWqOsK8Ml1LfmXCWdwqXtVMPabdDF 19 | WqKgbRgaigRJNHvXjIQ7fYJ6IwAfuihcdr3/nAMisSRP63K6daSc8BNaKQA1IZWT 20 | v2015bKVdzDk5cKCfdT+hPj+NEAspQ89WpWhHQjl4YsCBzO+M0wmpdUwS0BP8fvw 21 | B8tXpP7YNeLluNAZuDZHVAmPxwuOBcsPgBQkpAIYtWATTxP8fqtMRbq1ypgBBnNi 22 | FAL36XNzbFotliT7Im7lbX4Xc0MWJcvDdAFpGULMPqNVMzxykqRsPdULRzbJPRvb 23 | X9jO1nyyg80PpCKhRRHh1CIXDjsyHCG/zGkY7a9mgea9UZGPfUWX9EKoePr7DbEx 24 | yaAVlZ8YRhylFcGNm+/BAoIBAQDSoJBNSZLiZT7SrHrh0En8exbnqFuvtSErZpw4 25 | mTFWhF+8EogjLA7SAWqQemHMUjkNeog//TfdYEoH+2B2x2ZPvUS2qzpBFItkwOBM 26 | ++ibE30nEenYu3a+9obKViyH/8MBQZAy/xmorsPUenlQSoKSyDfnWrIPUflqB+qy 27 | Tzs5GOwDWrxDyZMibcnD535Z+p+xSTTo93WBSoKZxgpQ4hadIeX8PPEJDMN0YOPs 28 | PfCNWOHf8lm/0nFcj2gTS0GuX7SKSVFLgtW5yhMVMAqtDgkP2BsJma7H3k8SdIvt 29 | Evy6XAS23erf263aEmV0YXGKYfFsCj+Txy0R5YuW8wbovk6xAoIBAQDN3PybhMgU 30 | Ne0lTJyf5/Vo/tKD5fGCGXRMfjbyotOiS9QqSO+hfJp3Q34FCt4dbj7M8WgQW5cB 31 | 4pN0ZCBrCriIcigMUD05H6u4NX/d7cIzCdOYBYvO+FoqIzq09NOClGrTVgrZ2xTg 32 | L36EqpLGutCC7qtEKghiNTlwUlNFWg0V6YB0PCWOs9Yi3t76aP0X/4+YFIUYdeuM 33 | GkK+jv9t9wHhJXBlA0G3Ed2GR5OSBK32lOK+PHxvwMfufnKWqCNANq/mgPlvZEQs 34 | J4DhDcHcFA3RWXEN/JpmC2dugX0TEAT+1C71AQ28+JYDF0PzEUH/63Tii2vbpizJ 35 | OFYixZ/H7d+3AoIBAQDOU7ln7IW1vyZOa+WoJUkEynNClTrToaSPhmHMU8zwCpZZ 36 | fvHbOoJ+GCMSyr/YzkbTPFASFvRNqNB8hzQUxvojbK3OH2febsip9wMChtZyayHz 37 | Tun7hJArOwYJWWcgBlw5c8dVHW4+PozZLOx/ya2lKfsRaFf7B/tCceTnrRO/t/ki 38 | xBSeduzqEhBPFwtAC3G50pPBDwANmjbbehOK7h7m6FkJwY0Ap38kFvHO71IgtIv3 39 | u8lNTlH8MQLru5HoxhnuSSoYxV6mNByDad9bbN9VpQW/XsvHQK/GzWJw52OpDxET 40 | LcqyZdklQVYfLoFx5MYBZvymv7sXx/v477K59grRAoIBAQC24eQzkMFiWwnjAe1+ 41 | jUXSUdbYwDVN+6j6r4HHCenzG2RPcF4Z2yUqYHYaqq3p/V+jF674ITXEwfF3C+BU 42 | 18BZzvhPABVzovQdgMGoeaj1SHyGaB7s7mrDVmq4CWvBbHJ+bsjTAzLHesntt88O 43 | 5zWHq9nQg3rRLDFr3GcHjFllpvurxyciYBcTAWWblhuJ70o0s74Nnex0mXvD6Ct5 44 | GF++EVGJG1yM8z0WJo4twSR+k4PftsJhUSUMdZ78wkAWsr6PivKNB8kcZLe0t1EK 45 | X3JrEgdCgq7zipwHatefULLvY7aXh6kZwMkb09ZUoHc+kIFVJMDb8AOHexniaChr 46 | J6J/AoIBACc2CCa9WkkVcYnSKLrezbAKFl/Sca/zDO961PR+YJ90LSMhLx0dnZMq 47 | R1UbNUFbEB6hKoKBE8bhCXoW2tSpYcIWjDWvL/beBpzSn3tiSleykC6RyKmD+e1G 48 | YC4ZVrcK+xOjUhxGnBgqZZGEtIxwA0ZyW8sX7yOYsE1EcENkaWQhAsNIupLufoBM 49 | zGxXN6Uab1ZKPf4NB4kXjjzieR9wR1NPI3YUY/0AdcyBFN2+tF5iCt0x8ZGyUGQp 50 | ZeLKyurvc8TCSjZ7kaXNtnXdHnjzr1pxvk9AJ7hB9qPdQhgPHUapptPgsMkbJ6lv 51 | qeHTuMzoFWPxuuG9h/ehCjlvnA/XvFA= 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/certificate/private_key_kia.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDb8CB8AtxdeHl5 3 | glE85LizNBMBObOkrcXHRifLeS16TxeQHCa6nEX7Lp1ZGa2DsvX9ieNzODbXxXNw 4 | fgI3GEcFxk5GHu66da9mcYjfVOCrTA5ExTyys07CsNEOB8Wq3PF9vdiFNyHOpf3G 5 | l9pT4UKn2IUOB7xY0CwNCFGh8pX3q4maXLIztejpIyE+/WCMq/qjJO8nSYGdwAk6 6 | mou5X1WPoKvjYtB3oiNbux77rHNqWRWSPhmhgkCQGmq56H1klXzs7YUdEXjVDfBz 7 | 3Ighy20AAYf9g6AWUwiLc5EMl2qUQaid2PCParbYpyewaJFFkT3ydhWmLhZu8P7i 8 | ++kVT/wSG20zPUNDghDqSg/z6fMoiVmB126leALOToz3JBn10lfUfvo/eGcI1wYD 9 | YJPf5yOriOOeH0ryeYuKjZtbf5zYQiCuektQ5HLf8XRTkJLbZSMJlaZ5SRHQnwfd 10 | sHI5+g/mLDkGqTo6/G23lBajmOyjA1n2DhM9+LgQG2ItR9ZMhO/4VYL2LUm/6yrP 11 | rPAzq+2Ee/jtqemn9wFkuTZUKoQXVhCb89r+nf9xIMjbYoO+sdZnzGvTiyupBahq 12 | SJxhrByiezUYKKuKVDKNEWwO4atrWXtp3UyShQojLaILMk+lNDmZ6b97rniyHhci 13 | s1r32d5oKWEuggYtezlhtbPh7B4dBQIDAQABAoICAGzhR3OdBvLO/XQF66m1oSo2 14 | EWJ96k0QKeUo+fJlHvp5xTR2e0XOr2ZWAVdmutuD8Pt/E7aqkZvoB+oct4QG5MIb 15 | Fgzoq05rjFWuxw+ouUCT+kxZSF8/HTKMzjGf719S2cph/ZqVXIss6aEy88aqsZDe 16 | Q6BafAeLpwMcpy0BJvThWtGsKhwnZhJkbcT9MprxWLcDRdGxNhWeR/NXJuyyIW1l 17 | ITMEbCeNgOuciw4UpV50k5U+YPnvvX6ZVVSLn+f3iUzRmSB20dbHe84f0tTIHEHw 18 | gB4k10+183j10UzmeMDEcHEUQKL/NV20ApX2blR+PqiVhMor7rclX0mHZDBE1IhH 19 | Dno3sBG+lOFcXM1b2fN2pnjJEypS1zP9RB4XcwaXtE1+QIGzp0taIKuU4eFIcrZ4 20 | aJgeqJuSYBmLaEwyWUnvGYjCMdBPrWJ8G/RdHKFSVNFF3AJ2B1y3C1walpXkrOlm 21 | q+y+LsRdtiskOabDGqgmYj1c4Xc5bpHAcN7akIefp5hGC6Envc9PlbyVLXc+LMcI 22 | 2n4NiBH7x5O65FKOHYrQmsRReBTE0HUWxjF1X/26o/eQ8dN+a61jOuaTXuAglOq7 23 | N9WZJ4eY61kdQl1emdlsGCkd76z+TJf2Sjiv+pKfknsQUKuueJx40/xh3YOcpYZH 24 | 5WAS/P5F9vDVjPeAUz/RAoIBAQD46U7t8r60NkVh2HPgiNcqohiomv5Uhb8cUyRC 25 | O3XuK4NDPvVQf4TSfs8JlIXB3N+n3NOjPzY+b3Gj/I2UGU+fgo9thorQGQ4Q7mm0 26 | MMzZkXMkUCrHP6WvuZ0GuRBVQWQCgU4KR2+HLvKVHrpsZq+/c3emBUjhXx2m3+fz 27 | p+NipCojbsLYSdVGpZ+iLFWlOKMR8g8Mr0XCnxZp6JGHi/7GEjMkXmLyCIORJHPV 28 | vZIt/L04+a1XBU6kngswSQkNTxzGpobjJ/uyCyuIxqkkWdGf3qsqzt86ZPJFsrDi 29 | QMVS1nR/JNFJaDzZeQvdml2pJ0MsZ1n3KIb4ZiIgNny1a8RrAoIBAQDiM5Z+AiOK 30 | Woi+cW89l8XMOLmjYsqpZPSFxRSpPOrNVLUTWRGgfsTd1TZhDeKaBlLYat7A2G3m 31 | 34fDMdrvKczut9BeJZ40b6TLa55bIOS7z2u/6qVZkJ+JpMVdu25sYhOKiiZwtr5b 32 | H5RXBTTak6+GWesU5c9ByMco5aJAheIsTrWwxRSonaPGWLci5Nip2cxxrzLifXT0 33 | JJMIUfprSvh6fM7pdY1V4pZENunvraArVjlzRe1j2L5QLyCFZIUYd2URrSUJkZCW 34 | Mzt3EfNBmgDzAt7HgU6PuN4wy2lhzUScEXlpoLm9oArUUOkOK54eVlogpM1f/wBo 35 | dhYrrfYKtYBPAoIBAQCjGzdGg3fl3V5PxKgCLYlZfYjNC2u3dUELTYwH/rDDli3Y 36 | pevYiQc/bCs9Kt8Pby378J+abLSd6yc7fyZDMubTLpnP+ocB4DkwbRpFImlJ9J7P 37 | 39x4XkOzR90W57RFOalQXu0FnVP+8IuzncQpfoyR1xdDalkcndhvXm+/YXeGTu7x 38 | 8wWo95DTT3qwqX6h2uA4xTaJaF09MEReuDCM8vbLUmfC4DrUQTH9rTZejG+6xNA2 39 | Ap5M1MR46LuKM4HD/+BqZ/sh5TRwshMf+JYjpNvRd/cQASmUOUvs0jBIworLQo5q 40 | NnUSNkUReNmGqD3Rt1G0SjFQ3XS8VyjrlOjZdTnrAoIBAQCKdQ9R9BczEbWP9Lkl 41 | l2gQWExxEQCB7XSrCPZbnRkQNCBeRm++sLnqGx8dCzXAF8zQAaJ1okSrQ/nC5hpf 42 | uFNjb4oQhrAu4oOZrDcTCrBXsV//6i3qA9dTllLky9yMZQAXFfbvmTwtZMgU9+/h 43 | NvMCprl5Yi2Z077sbpsBKbJGcqtOF2RMzak4uIboyfFBDjrQ/2+DKU3UPyrstdk1 44 | oX804n54cmbfwkE+YeqRtdJLlIy33X6wVjQvupkKbXv2fOaVikkYcUxyU8u7V3Zx 45 | mkWoegJJVgHzgTIn5eqMXev4J84MdMAcrQDT8u6kqNgxM6QZRScc8maaimWJuQLY 46 | jT6LAoIBAG0sBmoEGjwPqi1oKOcr7hZbNVdiwtgP9DIXCY2VapftlTBE5xDStcYu 47 | 6lYqeEwWOFTyAIORDeCuIPlFX72aLJw6JbPoKPJAxmXpa71gI7c9Vh06W1Dq0gsE 48 | cHpVcvWi4skwz7VK/kyicekV4U4JczvSm5p1qNaUdfBoaO2QruADQ6zhf6gwa68s 49 | Ka80c8i8jORNFMUHNO/5OP/RAxX40T/3/2nfySyqWGFcBsstR5reUbKbTKTrrwmO 50 | DP1M8I2l5zk3EB0CXx4GPwDF8DHwjsshxvHV93MEHhZhd4JJFP8a4LUwrVpb5V5q 51 | L+CpZdMP5h+7ovvB9vv6sZIggr6jnfk= 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/certificate/private_key_x509.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC17GkAhxY94JSX 3 | qsD88AIkNF8HIRzlY4pEJ8bDv3AIOb3TYR7/pPq1pBOdDsBfwg3EJh0stjJ0/ThJ 4 | ITEUj7hyostiCpnVXrDOcSVm34JPnI3AF7GxJEAxtC+/uNXEa2oRWNRCxWLBAmsJ 5 | 0EacP7jlsTFPcQ9IRJOwLh0qN+jFJpYiuu8ezL8Ss2clo+OUt5xxhfjuLn4sIFc4 6 | rwQNxvtS5NmPZC9h05xFvhu1QWRuVgB18ao5X8Zef2bGgCOTJLIbAyopKQKL1UWQ 7 | fmHi1N+GHVUXyUGrUD4dHA914GrDGFXEXQBetBxn6kIyEQ0ZriiwQfeM4WjSHV8I 8 | xa4qaUCty5t7eroUHH6cqUeCVlcEUDFP1b9D80t9WTspE+F6rmh6O4dXu5gagRoI 9 | CjoKY8iQdUnifnHs/v58Xdzf14V+ZVmmEinXlmfpC2bfyO1ubZw4vgq1XBbw8Hv2 10 | pDLJuzAssJ0/ECDI7mzazC/GasSjfnAuW8GqcTuDD3Vj8wLPRimUvxgXzU3XN6m8 11 | iEnizc2/Ah0bJlQ4L/lbcKM7tN2uAmE0cTnHTtDTp+3X8gATsnU4Zbs3fixlKlu+ 12 | 3v3SGUpePJxMDtANONSWtoTtbqHYZM/QVKyLI5OqBoiowb/yxrxIa2tl4tFloBwL 13 | wBn0mjShw6cn6MCAOh1JNzGMKL13DQIDAQABAoICACDJ71LtBhE4/Q8o84ejKn+k 14 | AMykJzUg77bBBI4bXvHcll4WzyN8dMNwQyi3k+yuaRTFWdTJMebsDM0BcnsmPDRN 15 | KyMMjhVq76sFsZwNBMuch9/rZVdsFTXgKAsCIWU5hvCBdiBiux3WdbxbEZ7vzT94 16 | 5E5RLlP0KDpE1XTahtWh0sWHs7l1ZarVMu4Rz97qCQRdBTTIpG0HlzDcOnrRNlMG 17 | dD/n6rJTFYNsdEoC8zr/vS2E1Q1qObKme7ujNMY8gu1jcKHihlb1pYgZf0MG4xKl 18 | DsUuvOtHlypf+FlijVuEc1DlAkAPbl88VZn4gMf0H9lEyn1V0zKroIlQN8flGIbs 19 | WusbYKxpkMZOnubkzSFGO9idSKAjFFYfdFyEP/QVwAI/rB8fl2hEPQzeXmxsEIZi 20 | bx5k53KWsyqQSCvLwemDMNxrX1KtGRo0WGDWRUvuVybM33c8sURrwr0Tt+dTArMx 21 | Zq0qtPjfNczSpjtNalLxn9iW1DXGwuCDf5gREncfh8ok6wfutmqXBGyjdVx7RV8I 22 | TItpvB06Ct3CoBmfVbp3t6diBkVRF6Aah5+P7pUv/WHRJ6SqJgQEHGsI7eUMJ7xm 23 | WBg87lOp74MY3lsxMQPhW/LZHLfBg7hHh+nuyrg7Sh5Jro91h4ideJhx4XoTn2sj 24 | e7lgS+nJuJNnpwedJOyBAoIBAQDtTVTlVfJx51m4/Fx4G7ddjlXBZSDs0G5Be778 25 | 4yPcqr9+AW9szvIyJRMJrPJhIKySA5uRlDjsXCbmbw8vPEslXBU3eKBYZw1bg8wb 26 | 8SJNV7mcRCDPzVeDM0J4q5b7zkXGdse5VTx9eanwUbxlhFoW6HCuzsEkjcBShbh4 27 | hw4Mv8ByIDJ/nPbIUQdtTgvfgCW7qxkI+a5oFtLUb0BYYBovvWFlxkjvDSD+wsMW 28 | wA7hoFIa1qGVcFM6w7ELvGmSDlYcMsEKDRt7EQB5rRhiK1vD2e6tlP1/VtREEteQ 29 | O8J9YTy9Ag8ommZzu8w6geMzizaIBB3zGn0sBX1YpWsfm8+lAoIBAQDEQgaLbSbn 30 | 8VYyf+kEYBl3gqp44ypQVON90QNvD9fz5ULEJZ6KHVaFzdXOSRExy6QEyqMT7Ink 31 | 6N+T+lceEAsATrev30qQtjtc9DdV0Hhu6qjUfAXv4pXv3A+puszomoztOwsICGpH 32 | 4xDF9HMvWRKd00m2CL6VObJNRnUbwuydC6VinaGldWDLQsguGWcVy1aSvjdhaq9x 33 | 4om0b7T649WXH6Osv4lPnpFpSFZ91jsdlamNs04tKbAaEDoYakirBWdxMrKzedm4 34 | 1yghlyi3PZgO+ccwVYTWW0/AM7n895iem/GBOhEy6UZTRjL8D0ULmnK2VHpPsWj4 35 | BadH0yUxbm1JAoIBAH8tKal7BWM8HN7CCQCpwfzW0mjCPQINtnlLy5CWXtrde6EZ 36 | PdEvm6d6LRjLYl7hdvsOCercaCFsRcDLlnS3OIK+NfSzpiOanxMDsHjtI3gV4ri3 37 | 3mnf393FtAMd2t36r3Rsph9SagfJE2VjOLejVfDfA7z7u5FOktrnJXUa1FHK1mWT 38 | kdzIj43Nt1BCOqS+dfp8+P7RaUIJsVX+hZqXbpFVSoST3vSWsa83S/y+U3tiQ350 39 | tsZzG3fr9s+WW3HWUxnrrX8ohSjQdNPBC8dY+2YcPwkyRyVesIYHHxYCoPo3Cak2 40 | GE+nZ+7wn8RfZhdyrXf51N87vAfCrWm7xYx8Ia0CggEBAKh8Ym/6UidXmf+arioy 41 | ckqWY9GKfD4g0nimIsOLH4NkM/B+t1+tFiWi80W4lslgITx31o75R9y8S40XowjN 42 | DxTBf5K+KJ6Zw9bmVkcWxP27+RsKKnKp3Lzh+JRnKRkb7ZaQVMUdrFhwyGqZlPV2 43 | C7RwutxLH4qu0LLkpQ8jRc0BPYeu+iI45dM6Tu68ojIksfsi0BqS43Hq4PuF1yJ4 44 | zFqEMBjTCofPAtkW4CIB9BhO7xQWdivxmRyXB7kELcSczBRzSNUp689y7yH/SlYd 45 | y9g3eVi2YmdAVvQTtD1HNsAb8rZVaoSBnf1Jy+V3Gnh+rLJ5TdPy48Hh4J2Z2Fla 46 | ivkCggEALV59HWzESIPKuyEwUdzp6XGG9+lfrqQgEF8Qwj5mVs7aiMW27L3eh+7f 47 | 3v4eWDUuk/koV2fU6UjAlzIuZx2DwchyGdJEzDs6oW/nqTnI1IY77WLlKygU1aQB 48 | HrE+06CmlpHa7RNQBeCQkuHC23YO0oBB8JWL+B2y85/+RJlRi6v9gEiDLV023IQE 49 | 88QZ+WU24b4eCDbtbiHIXxbC3NYMKa1HgkveJEL8TnpYrq1Lzb9UKrSXZaOqCCZf 50 | +vN2mqCkZ56AZxFjbx+uRx3l2rpPiG1AbbBhjzcY1FNEM5GqDRL7G7hS/qfYs38R 51 | +cMvWtsN/RrildT4Y3i1kpuUL8afSg== 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/certificate/attacker_private_key_kia.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDWj9tcjMZLtGQY 3 | GLHVNDR6JGg5IHcGBo/tKa2u0kf/tzhxtkxEoYEGFoWr0B/t+PyNmKEFS7v68vHb 4 | hu9sHXRQEXDOQpAphWdPo71JOFj/B+szNC0Qd3ZPt0v3TL2ItKWDBEUydxRbKxpL 5 | Cv3CIOHKwEHRKwfLfVnsZvi0quCXsgWQ42kGmWnnsLV+H9c2Fm0lf5K15wa6Ow5E 6 | IET3sbWzX1ayJvYmTslLcTLFAOY9VrshmkPSGkbT9VIBn2o1QaeJVZ/39yicTfQN 7 | M0+dd3ihXyDzp2tkTRrUsuCEUy3dPFpkCatPHcS8SoJz/EyQdWe5WzSx/b/kDKXI 8 | 0Ho4xMuL52I/UuPgvujgA87kLnCGA7M7PMwIUfChFMifstSEUC5p+wmGvpzC47iW 9 | i8c7kqGKFrfqd43UZVr43zHAcochQ3nyEw5v0cI/O9J+IwY4q29dRfUEuECYm95h 10 | NE2zYie50xzt8ucbLwOwsupQPXtOU4cysHk4yMuNKbLpxPlecedZKDZOpHC1HlCi 11 | HRP7F+4Iz0hZUeZMfjXaM71wOU8IoGwf98NbAkTI6bIMy9BDsOeAiExBZzj3QQ2i 12 | H24rld5e51nfrMTpBC3kwS/m/FPPHQGWWytJnx50mDM09HkMYxSuq8Van7Dy51ol 13 | TRpD2cxffwKG5b4YszFlKfSCUwJsSQIDAQABAoICADoEUiN3aVMlJv+hBc0Jvbrd 14 | R1VTIvv9IEPXxkAEWjWaHGgbDApuxU2ZH3Hy5/9YGSpMgBXHgb/8m0tp9Cl+2Wmh 15 | HaiYNRUVHndZZiB7XQ0w3fdNf3X5Z4Nso9zt4j4p4qtHp1JbAqUYRZbPFQi+DW/e 16 | hq2Bfi0W6w7SVSO9JNe/6mNgKpD/QLTGgnzlLTNR4xeFpG0NWDNZLqVbOGrloaUr 17 | /WxUvrBjE2kT5c+BS8CASD9w0C/qrQY5SoBn07cs1pl7DrNlIJULOxeqrTd+C59O 18 | 8sEPnylS9BNZfv4o47jzzdlJCApvmTf0ycuFCErzhCWJtPkADTgj91wSi0n4ZLUk 19 | B7ggHTcdGnxprB4NA+Fa7wSCZDKlgTxkIlGEA1B5gdNEXigFZDx16Gg8o1gARPzm 20 | wCwAsXCfFJN0gt8p6qSil73KJbncGNq3v0rT2lgS8G6zUfJhAhFwNVOoAhjSyuCM 21 | j9nYuDhx3D+PcOyp6B67z7NzdgJwrn6fEluO9OEOLO0MQaHM/aNDaZMGtrhmUVU9 22 | cT4aCkC8vjFJN0NfmoA4o7vf4a8ZlUEe3gC0pDx6oR0UjNz3qfYpbwtu+eYL2W0g 23 | HdQi2X+dOm1vknCVwgCjLemFhjEbUCQ9ZQQbCsSF9gGws4BjA7Y/yrZ6BwZ9BcXR 24 | BaurklImU1MtYt3Tog9lAoIBAQDvrMOS2GZhpeyiJv7molnvYKEP9QtrZONHoWqN 25 | SUsQhHMjdQZP7AMa7g+gLyX16dYjcajYqzPkQvnuU0nlKWUBqm9cbg9UI0kY9x/V 26 | MhPueeGbYKFyhi9oCWHLcBVfoRjl2kNn10sZzM1AGxU2SEHtatT7+xDTXVJZJxr+ 27 | 9MiP2x44UZ5Iy4qs689/qprB7y2a83vQc3PctX3HTCEYuBw2ohPba6T+fDun6vcR 28 | 1nCwwoWmiJnGNL0Tb05gO1cHWS4wKyCvwexpJWBdptZCgDv31n0MUVGuTDWSRv25 29 | MYQz1MwqrDjNq7ZNWe9FlgYLT+Gn5LEQmtMAeFj+5hRDzudTAoIBAQDlLTJAKacV 30 | vpZ2LRfPqGeV8UWwMDTpnDJy1xDEOQDs/7DcuzKAg2PyuuxRK8IPsc5ywrLsdGJK 31 | rBq4NN7BWJ0MzWGph+P/F2Mb7+NWHkg6apMAGxo0V89Cq+3lZRwntu57VRfzM/gY 32 | 9dw+jQIKYXRiFqfxAEJp/1Y5qBHXpnuw/SyTMnOeD+tIoRI7RKrDCfFeN+SUht8s 33 | zniLWXMzhAt/0fw5u4FTa3rHUOSK4d7rqmxVD0mMUPQFpJz1p9uuq6klKWW3Qa0g 34 | fHAT2jFMj9TFeB2T6HpPT1PJ97F1oRNOBtApc2A4YmVj4tpFcJ26bmit/uzMZeMu 35 | Ov9qmrLnBzZzAoIBAGEv7jJKm+F21ei+5VgCd3OQ/F6rIBFRXLQ8KSfXk5/EBahY 36 | GNIpwuyVojJzS/JW+uVufmg1rBogapaQoYNScMnnIbcaTg7xK//6nabm4pwuQiSu 37 | X2lALlMCkuxaq+AWRDFYe0LNU3/Hw2b+VHCphkpOqsTu/timm/DY4aKHAhkLYkq2 38 | FfgwyS/rgz2ioZSIdzbBCvDxEAdsdO9u2HDcn1wsBt9P3BzxpYMmzT8ndJTInEd2 39 | Vty/n/gUh3SQO28YY5lWs69xdHsCk/wF3hYjR63tBNIM25FRB9wj+1iwUopt/MhF 40 | A9eqjIb7NAJEnnjR0JAzNPWlwnALXRMnmwoQCU8CggEAc6AG71pUg2MB9KOxlMKJ 41 | aJwvJcJcn9R/m3MocWe1MN2cNPF5fF9OCQQIALgME/EIkNvse+IISVZlsLR0Aqab 42 | rf7dHDSEcooxJcI1N5jVpito+S+zW99FoYSu5QLLXrorvivjhn+c17MLqL9p3STo 43 | HCkEGFKiL2p07Wf/gIbtdxF08NsOfBvaAG3Ljf2KDhcxIPEgMVOOu8N8DApYVhBz 44 | 4Mxn7hTNHfJnIrKMbAmjd9EnEQ9CcznQtBwmWMaUzp6rGyW0vO201GQUA+Ac6VzT 45 | 48FDYwFy3BrQ0mBWt1tKKx7C3Xbpf+kc8HVe3JQB8DKOO+MXQ9TP9t4rSXS9eFQq 46 | QwKCAQEAmBg38kXafcSNIfpGvagN0fGuBsGXGGxShPeYXfEju7ifY485kXmBkDDo 47 | 9Fz5YtpZS0La3o1jjgxryeJbpWO2oiIBKol06yPiU1enjbXMTBXTerR1c+DhVCmT 48 | R9ewOcPtZ+ws77yUY5q4UWueC33iJRRjjWP/NQXVZ2YZJvr4RPMI+pvihFxs6ze0 49 | PaDiG9GbAGvyX4395kLcJCaARvlbt5p4FFMd2F6LVNEB8Cua8o7S/7oKV/E6H7FD 50 | t+1nzNjatbZBmtOeY/XDdFmZreLpVbiFXVjdjbUsSLHQ1d/hi6YVh+sru5tMi5Kv 51 | IFZ80SIJp9PgQnY2SakQBeXwho3A4g== 52 | -----END PRIVATE KEY----- 53 | -------------------------------------------------------------------------------- /JWT-attacks.postman_collection.json: -------------------------------------------------------------------------------- 1 | { 2 | "info": { 3 | "_postman_id": "fb7c45b9-58e6-4ed2-8a71-f2ae0194013c", 4 | "name": "JWT-attacks", 5 | "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" 6 | }, 7 | "item": [ 8 | { 9 | "name": "key-confusion", 10 | "item": [ 11 | { 12 | "name": "kc-obtain-token", 13 | "request": { 14 | "method": "POST", 15 | "header": [], 16 | "body": { 17 | "mode": "raw", 18 | "raw": "{\n \"attack\":\"key-confusion\"\n}", 19 | "options": { 20 | "raw": { 21 | "language": "json" 22 | } 23 | } 24 | }, 25 | "url": { 26 | "raw": "https://127.0.0.1/jwt", 27 | "protocol": "https", 28 | "host": [ 29 | "127", 30 | "0", 31 | "0", 32 | "1" 33 | ], 34 | "path": [ 35 | "jwt" 36 | ] 37 | } 38 | }, 39 | "response": [] 40 | }, 41 | { 42 | "name": "kc-send-token", 43 | "request": { 44 | "method": "POST", 45 | "header": [], 46 | "body": { 47 | "mode": "raw", 48 | "raw": "{\n \"jwt_token\": \"\"\n}", 49 | "options": { 50 | "raw": { 51 | "language": "json" 52 | } 53 | } 54 | }, 55 | "url": { 56 | "raw": "https://127.0.0.1/jwt/key-confusion", 57 | "protocol": "https", 58 | "host": [ 59 | "127", 60 | "0", 61 | "0", 62 | "1" 63 | ], 64 | "path": [ 65 | "jwt", 66 | "key-confusion" 67 | ] 68 | } 69 | }, 70 | "response": [] 71 | } 72 | ], 73 | "protocolProfileBehavior": {} 74 | }, 75 | { 76 | "name": "none", 77 | "item": [ 78 | { 79 | "name": "none-obtain-token", 80 | "request": { 81 | "method": "POST", 82 | "header": [], 83 | "body": { 84 | "mode": "raw", 85 | "raw": "{\n \"attack\":\"none\"\n}", 86 | "options": { 87 | "raw": { 88 | "language": "json" 89 | } 90 | } 91 | }, 92 | "url": { 93 | "raw": "https://127.0.0.1/jwt", 94 | "protocol": "https", 95 | "host": [ 96 | "127", 97 | "0", 98 | "0", 99 | "1" 100 | ], 101 | "path": [ 102 | "jwt" 103 | ] 104 | } 105 | }, 106 | "response": [] 107 | }, 108 | { 109 | "name": "none-send-token", 110 | "request": { 111 | "method": "POST", 112 | "header": [], 113 | "body": { 114 | "mode": "raw", 115 | "raw": "{\n \"jwt_token\":\"\"\n}", 116 | "options": { 117 | "raw": { 118 | "language": "json" 119 | } 120 | } 121 | }, 122 | "url": { 123 | "raw": "https://127.0.0.1/jwt/none", 124 | "protocol": "https", 125 | "host": [ 126 | "127", 127 | "0", 128 | "0", 129 | "1" 130 | ], 131 | "path": [ 132 | "jwt", 133 | "none" 134 | ] 135 | } 136 | }, 137 | "response": [] 138 | } 139 | ], 140 | "protocolProfileBehavior": {} 141 | }, 142 | { 143 | "name": "weak-secret", 144 | "item": [ 145 | { 146 | "name": "weak-secret-obtain-token", 147 | "request": { 148 | "method": "POST", 149 | "header": [], 150 | "body": { 151 | "mode": "raw", 152 | "raw": "{\n \"attack\":\"weak-secret\"\n}", 153 | "options": { 154 | "raw": { 155 | "language": "json" 156 | } 157 | } 158 | }, 159 | "url": { 160 | "raw": "https://127.0.0.1/jwt", 161 | "protocol": "https", 162 | "host": [ 163 | "127", 164 | "0", 165 | "0", 166 | "1" 167 | ], 168 | "path": [ 169 | "jwt" 170 | ] 171 | } 172 | }, 173 | "response": [] 174 | }, 175 | { 176 | "name": "weak-secret-send-token", 177 | "request": { 178 | "method": "POST", 179 | "header": [], 180 | "body": { 181 | "mode": "raw", 182 | "raw": "{\n \"jwt_token\": \"\"\n}", 183 | "options": { 184 | "raw": { 185 | "language": "json" 186 | } 187 | } 188 | }, 189 | "url": { 190 | "raw": "https://127.0.0.1/jwt/weak-secret", 191 | "protocol": "https", 192 | "host": [ 193 | "127", 194 | "0", 195 | "0", 196 | "1" 197 | ], 198 | "path": [ 199 | "jwt", 200 | "weak-secret" 201 | ] 202 | } 203 | }, 204 | "response": [] 205 | } 206 | ], 207 | "protocolProfileBehavior": {} 208 | }, 209 | { 210 | "name": "key-injection", 211 | "item": [ 212 | { 213 | "name": "ki-obtain-token", 214 | "request": { 215 | "method": "POST", 216 | "header": [], 217 | "body": { 218 | "mode": "raw", 219 | "raw": "{\n \"attack\":\"key-injection\"\n}", 220 | "options": { 221 | "raw": { 222 | "language": "json" 223 | } 224 | } 225 | }, 226 | "url": { 227 | "raw": "https://127.0.0.1/jwt", 228 | "protocol": "https", 229 | "host": [ 230 | "127", 231 | "0", 232 | "0", 233 | "1" 234 | ], 235 | "path": [ 236 | "jwt" 237 | ] 238 | } 239 | }, 240 | "response": [] 241 | }, 242 | { 243 | "name": "ki-send-token", 244 | "request": { 245 | "method": "POST", 246 | "header": [], 247 | "body": { 248 | "mode": "raw", 249 | "raw": "{\n \"jwt_token\": \"\"\n}", 250 | "options": { 251 | "raw": { 252 | "language": "json" 253 | } 254 | } 255 | }, 256 | "url": { 257 | "raw": "https://127.0.0.1/jwt/key-injection", 258 | "protocol": "https", 259 | "host": [ 260 | "127", 261 | "0", 262 | "0", 263 | "1" 264 | ], 265 | "path": [ 266 | "jwt", 267 | "key-injection" 268 | ] 269 | } 270 | }, 271 | "response": [] 272 | } 273 | ], 274 | "protocolProfileBehavior": {} 275 | }, 276 | { 277 | "name": "jwks-spoofing", 278 | "item": [ 279 | { 280 | "name": "jku-send-token", 281 | "request": { 282 | "method": "POST", 283 | "header": [], 284 | "body": { 285 | "mode": "raw", 286 | "raw": "{\n \"jwt_token\": \"\"\n}", 287 | "options": { 288 | "raw": { 289 | "language": "json" 290 | } 291 | } 292 | }, 293 | "url": { 294 | "raw": "https://127.0.0.1/jwt/jku", 295 | "protocol": "https", 296 | "host": [ 297 | "127", 298 | "0", 299 | "0", 300 | "1" 301 | ], 302 | "path": [ 303 | "jwt", 304 | "jku" 305 | ] 306 | } 307 | }, 308 | "response": [] 309 | }, 310 | { 311 | "name": "jku-obtain-token", 312 | "request": { 313 | "method": "POST", 314 | "header": [], 315 | "body": { 316 | "mode": "raw", 317 | "raw": "{\n \"attack\":\"jku\"\n}", 318 | "options": { 319 | "raw": { 320 | "language": "json" 321 | } 322 | } 323 | }, 324 | "url": { 325 | "raw": "https://127.0.0.1/jwt/", 326 | "protocol": "https", 327 | "host": [ 328 | "127", 329 | "0", 330 | "0", 331 | "1" 332 | ], 333 | "path": [ 334 | "jwt", 335 | "" 336 | ] 337 | } 338 | }, 339 | "response": [] 340 | }, 341 | { 342 | "name": "x5u-send-token", 343 | "request": { 344 | "method": "POST", 345 | "header": [], 346 | "body": { 347 | "mode": "raw", 348 | "raw": "{\n \"jwt_token\": \"\"\n}", 349 | "options": { 350 | "raw": { 351 | "language": "json" 352 | } 353 | } 354 | }, 355 | "url": { 356 | "raw": "https://127.0.0.1/jwt/x5u", 357 | "protocol": "https", 358 | "host": [ 359 | "127", 360 | "0", 361 | "0", 362 | "1" 363 | ], 364 | "path": [ 365 | "jwt", 366 | "x5u" 367 | ] 368 | } 369 | }, 370 | "response": [] 371 | }, 372 | { 373 | "name": "x5u-obtain-token", 374 | "request": { 375 | "method": "POST", 376 | "header": [], 377 | "body": { 378 | "mode": "raw", 379 | "raw": "{\n \"attack\":\"x5u\"\n}", 380 | "options": { 381 | "raw": { 382 | "language": "json" 383 | } 384 | } 385 | }, 386 | "url": { 387 | "raw": "https://127.0.0.1/jwt/", 388 | "protocol": "https", 389 | "host": [ 390 | "127", 391 | "0", 392 | "0", 393 | "1" 394 | ], 395 | "path": [ 396 | "jwt", 397 | "" 398 | ] 399 | } 400 | }, 401 | "response": [] 402 | } 403 | ], 404 | "protocolProfileBehavior": {} 405 | }, 406 | { 407 | "name": "kid", 408 | "item": [ 409 | { 410 | "name": "kid00-send-token", 411 | "request": { 412 | "method": "POST", 413 | "header": [], 414 | "body": { 415 | "mode": "raw", 416 | "raw": "{\n \"jwt_token\": \"\"\n}", 417 | "options": { 418 | "raw": { 419 | "language": "json" 420 | } 421 | } 422 | }, 423 | "url": { 424 | "raw": "https://127.0.0.1/jwt/kid00", 425 | "protocol": "https", 426 | "host": [ 427 | "127", 428 | "0", 429 | "0", 430 | "1" 431 | ], 432 | "path": [ 433 | "jwt", 434 | "kid00" 435 | ] 436 | } 437 | }, 438 | "response": [] 439 | }, 440 | { 441 | "name": "kid00-obtain-token", 442 | "request": { 443 | "method": "POST", 444 | "header": [], 445 | "body": { 446 | "mode": "raw", 447 | "raw": "{\n \"attack\":\"kid00\"\n}", 448 | "options": { 449 | "raw": { 450 | "language": "json" 451 | } 452 | } 453 | }, 454 | "url": { 455 | "raw": "https://127.0.0.1/jwt", 456 | "protocol": "https", 457 | "host": [ 458 | "127", 459 | "0", 460 | "0", 461 | "1" 462 | ], 463 | "path": [ 464 | "jwt" 465 | ] 466 | } 467 | }, 468 | "response": [] 469 | } 470 | ], 471 | "protocolProfileBehavior": {} 472 | } 473 | ], 474 | "protocolProfileBehavior": {} 475 | } -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/app.js: -------------------------------------------------------------------------------- 1 | const express = require("express"); 2 | const https = require('https'); 3 | const fs = require('fs'); 4 | const JWT = require('jsonwebtoken'); 5 | const jwkToPem = require('jwk-to-pem'); 6 | const request = require('request'); 7 | const { exec } = require('child_process'); 8 | 9 | const app = express(); 10 | app.use(express.json()); //midleware needed to handle post request 11 | 12 | //Environment: Disable unauthorized x509 certificates. 13 | process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0; 14 | 15 | //JWT payload 16 | const payload = { account: "Bob", role: "User" }; 17 | 18 | app.get("/", (req, res) => { 19 | res.status(200).json({ app: 'JWT Signature basic challenges.' }); 20 | }); 21 | 22 | app.post('/jwt/none', (req, res) => { //None endpoint 23 | const { jwt_token } = req.body; 24 | let secret_key = ''; 25 | if (jwt_token == null) { 26 | res.status(400).send('Send a HTTP request with a body with the format: {jwt: "< Place the JWT to test here >"}'); 27 | } else { 28 | const jwt_b64_dec = JWT.decode(jwt_token, { complete: true }); 29 | if (jwt_b64_dec.header.alg == 'HS256') { 30 | secret_key = '885ae2060fbedcfb491c5e8aafc92cab5a8057b3d4c39655acce9d4f09280a20'; 31 | } else if (jwt_b64_dec.header.alg == 'none') { 32 | secret_key = ''; 33 | } 34 | JWT.verify(jwt_token, secret_key, { algorithms: ['none', 'HS256'], complete: true, audience: 'https://127.0.0.1/jwt/none' }, (err, decoded_token) => { 35 | if (err) { 36 | res.status(400).json(err); 37 | } else { 38 | const success = { 39 | message: 'Congrats!! You\'ve solved the JWT challenge!!', 40 | jwt_token: decoded_token 41 | } 42 | res.status(200).json(success); 43 | } 44 | }); 45 | } 46 | }); 47 | 48 | app.post('/jwt/weak-secret', (req, res) => { //weak-secret endpoint 49 | const { jwt_token } = req.body; 50 | 51 | if (jwt_token === null) { 52 | res.status(400).send('Send a HTTP request with a body with the format: {jwt: "< Place the JWT to test here >"}'); 53 | } else { 54 | const secret_key = 'slipknot666'; 55 | JWT.verify(jwt_token, secret_key, { algorithm: 'HS256', complete: true, audience: 'https://127.0.0.1/jwt/weak-secret' }, (err, decoded_token) => { 56 | if (err) { 57 | res.status(400).json(err); 58 | } else { 59 | const success = { 60 | message: 'Congrats!! You\'ve solved the JWT challenge!!', 61 | jwt_token: decoded_token 62 | } 63 | res.status(200).json(success); 64 | } 65 | }); 66 | } 67 | }); 68 | 69 | app.post('/jwt/key-confusion', (req, res) => { //key-confusion endpoint 70 | const { jwt_token } = req.body; 71 | 72 | if (jwt_token === null) { 73 | res.status(400).send('Send a HTTP request with a body with the format: {jwt: "< Place the JWT to test here >"}'); 74 | } else { 75 | const publicKey = fs.readFileSync(`${__dirname}/certificate/public_key_kca.crt`); 76 | JWT.verify(jwt_token, publicKey, { algorithms: ['RS256', 'HS256'], complete: true, audience: 'https://127.0.0.1/jwt/key-confusion' }, (err, decoded_token) => { 77 | if (err) { 78 | res.status(400).json(err); 79 | } else { 80 | const success = { 81 | message: 'Congrats!! You\'ve solved the JWT challenge!!', 82 | jwt_token: decoded_token 83 | } 84 | res.status(200).json(success); 85 | } 86 | }); 87 | } 88 | }); 89 | 90 | app.post('/jwt/key-injection', (req, res) => { //key-injection endpoint 91 | const { jwt_token } = req.body; 92 | 93 | if (jwt_token === null) { 94 | res.status(400).send('Send a HTTP request with a body with the format: {jwt: "< Place the JWT to test here >"}'); 95 | } else { 96 | 97 | const jwt_b64_dec = JWT.decode(jwt_token, { complete: true }); 98 | thepublicKey = jwkToPem(jwt_b64_dec.header.jwk); 99 | 100 | JWT.verify(jwt_token, thepublicKey, { algorithm: 'RS256', complete: true, audience: 'https://127.0.0.1/jwt/key-injection' }, (err, decoded_token) => { 101 | if (err) { 102 | res.status(400).json(err); 103 | } else { 104 | const success = { 105 | message: 'Congrats!! You\'ve solved the JWT challenge!!', 106 | jwt_token: decoded_token 107 | } 108 | res.status(200).json(success); 109 | } 110 | }); 111 | } 112 | }); 113 | 114 | app.post('/jwt/jku', (req, res) => { //jku endpoint 115 | const { jwt_token } = req.body; 116 | let thepublicKey = {}; 117 | if (jwt_token === null) { 118 | res.status(400).send('Send a HTTP request with a body with the format: {jwt: "< Place the JWT to test here >"}'); 119 | } else { 120 | 121 | const jwt_b64_dec = JWT.decode(jwt_token, { complete: true }); 122 | request(jwt_b64_dec.header.jku, (error, response, body) => { 123 | if (error) { 124 | res.status(500).json(error); 125 | } else { 126 | if (response.statusCode == 200) { 127 | thepublicKey = jwkToPem(JSON.parse(body)); 128 | JWT.verify(jwt_token, thepublicKey, { algorithm: 'RS256', complete: true, audience: 'https://127.0.0.1/jwt/jku' }, (err, decoded_token) => { 129 | if (err) { 130 | res.status(400).json(err); 131 | } else { 132 | const success = { 133 | message: 'Congrats!! You\'ve solved the JWT challenge!!', 134 | jwt_token: decoded_token 135 | } 136 | res.status(200).json(success); 137 | } 138 | }); 139 | } 140 | else { 141 | res.status(500).json(`An error has ocurred reaching ${jwt_b64_dec.header.jku}, status: ${response.statusCode}`); 142 | } 143 | } 144 | }); 145 | } 146 | }); 147 | 148 | app.post('/jwt/x5u', (req, res) => { //x5u endpoint 149 | const { jwt_token } = req.body; 150 | 151 | if (jwt_token === null) { 152 | res.status(400).send('Send a HTTP request with a body with the format: {jwt: "< Place the JWT to test here >"}'); 153 | } else { 154 | const jwt_b64_dec = JWT.decode(jwt_token, { complete: true }); 155 | request(jwt_b64_dec.header.x5u, (error, response, body) => { 156 | if (error) { 157 | res.status(500).send(error); 158 | } else { 159 | if (response.statusCode == 200) { 160 | fs.writeFile(`${__dirname}/certificate/temp_x5u.cert`, body, (err) => { 161 | if (err) { 162 | res.status(500).send(err); 163 | } else { 164 | exec(` openssl x509 -in ${__dirname}/certificate/temp_x5u.cert -noout -pubkey`, (error, x509cert, stderr) => { 165 | if (error) { 166 | res.status(500).send(error.message); 167 | } 168 | if (stderr) { 169 | res.status(500).send(stderr); 170 | } 171 | JWT.verify(jwt_token, x509cert, { algorithm: 'RS256', complete: true, audience: 'https://127.0.0.1/jwt/x5u' }, (err, decoded_token) => { 172 | if (err) { 173 | res.status(400).json(err); 174 | } else { 175 | const success = { 176 | message: 'Congrats!! You\'ve solved the JWT challenge!!', 177 | jwt_token: decoded_token 178 | } 179 | res.status(200).json(success); 180 | } 181 | }); 182 | }); 183 | } 184 | }); 185 | } 186 | else { 187 | res.status(500).send(response.body); 188 | } 189 | } 190 | }); 191 | } 192 | }); 193 | 194 | app.post('/jwt/kid00', (req, res) => { //kid endpoint command execution 195 | const { jwt_token } = req.body; 196 | 197 | if (jwt_token === null) { 198 | res.status(400).send('Send a HTTP request with a body with the format: {jwt: "< Place the JWT to test here >"}'); 199 | } else { 200 | const jwt_b64_dec = JWT.decode(jwt_token, { complete: true }); 201 | 202 | if (jwt_b64_dec.header.kid) { 203 | exec(`cat ${__dirname}/secrets/${jwt_b64_dec.header.kid}`, (error, secret_key, stderr) => { 204 | if (error) { 205 | res.status(200).send(error); 206 | } 207 | if (stderr) { 208 | res.status(200).send(stderr); 209 | } 210 | JWT.verify(jwt_token, secret_key, { algorithm: 'HS256', complete: true, audience: 'https://127.0.0.1/jwt/kid00' }, (err, decoded_token) => { 211 | if (err) { 212 | res.status(400).json(err); 213 | } else { 214 | res.status(200).json(decoded_token); 215 | } 216 | }); 217 | }); 218 | } 219 | } 220 | }); 221 | 222 | 223 | app.get('/webkeys/certificate_x509.crt', (req, res) => { //makes the certificate available, this is for xsu attack 224 | fs.readFile(`${__dirname}/webkeys/certificate_x509.crt`, (err, data) => { 225 | if (err) { 226 | res.status(404).json(err); 227 | } 228 | else { 229 | res.status(200).send(data); 230 | } 231 | }); 232 | }); 233 | 234 | app.get('/webkeys/jwks.json', (req, res) => { //makes the json web key available, this is for jku attack 235 | fs.readFile(`${__dirname}/webkeys/jwks.json`, (err, data) => { 236 | if (err) { 237 | res.status(404).json(err); 238 | } 239 | else { 240 | res.status(200).json(JSON.parse(data)); 241 | } 242 | }); 243 | }); 244 | 245 | app.post("/jwt", (req, res) => { 246 | const { attack } = req.body; 247 | if (attack === null) { 248 | res.status(400).send('provided a valid attack value'); 249 | } 250 | 251 | //Generate token to be used in alg:none attack. 252 | if (attack === 'none') { 253 | JWT.sign(payload, '885ae2060fbedcfb491c5e8aafc92cab5a8057b3d4c39655acce9d4f09280a20', { algorithm: 'HS256', audience: 'https://127.0.0.1/jwt/none' }, (err, token) => { 254 | const res_body = { 255 | jwt: token, 256 | endpoint: 'https://127.0.0.1/jwt/none' 257 | }; 258 | res.status(200).json(res_body); 259 | }); 260 | } 261 | 262 | //Generate token to be used in weak-secret attacks. 263 | if (attack === 'weak-secret') { 264 | const secret_key = 'slipknot666'; 265 | JWT.sign(payload, secret_key, { algorithm: 'HS256', audience: 'https://127.0.0.1/jwt/weak-secret' }, (err, token) => { 266 | const res_body = { 267 | jwt: token, 268 | endpoint: 'https://127.0.0.1/jwt/weak-secret' 269 | } 270 | res.status(200).json(res_body); 271 | }); 272 | } 273 | 274 | //Generate token to be used in Key-Confusion attacks. //Swapping RS for HS 275 | if (attack === 'key-confusion') { 276 | const privateKey = fs.readFileSync(`${__dirname}/certificate/private_key_kca.key`); 277 | JWT.sign(payload, privateKey, { algorithm: 'RS256', audience: 'https://127.0.0.1/jwt/key-confusion' }, (err, token) => { 278 | const res_body = { 279 | jwt: token, 280 | endpoint: 'https://127.0.0.1/jwt/key-confusion' 281 | } 282 | res.status(200).json(res_body); 283 | }); 284 | } 285 | 286 | //Generate token to be used in Key-Injection attacks 287 | if (attack === 'key-injection') { 288 | jwk = { 289 | kty: 'RSA', 290 | kid: 'key-0', 291 | use: 'sig', 292 | e: 'AQAB', 293 | n: '2_AgfALcXXh5eYJRPOS4szQTATmzpK3Fx0Yny3ktek8XkBwmupxF-y6dWRmtg7L1_Ynjczg218VzcH4CNxhHBcZORh7uunWvZnGI31Tgq0wORMU8srNOwrDRDgfFqtzxfb3YhTchzqX9xpfaU-FCp9iFDge8WNAsDQhRofKV96uJmlyyM7Xo6SMhPv1gjKv6oyTvJ0mBncAJOpqLuV9Vj6Cr42LQd6IjW7se-6xzalkVkj4ZoYJAkBpqueh9ZJV87O2FHRF41Q3wc9yIIcttAAGH_YOgFlMIi3ORDJdqlEGondjwj2q22KcnsGiRRZE98nYVpi4WbvD-4vvpFU_8EhttMz1DQ4IQ6koP8-nzKIlZgddupXgCzk6M9yQZ9dJX1H76P3hnCNcGA2CT3-cjq4jjnh9K8nmLio2bW3-c2EIgrnpLUORy3_F0U5CS22UjCZWmeUkR0J8H3bByOfoP5iw5Bqk6Ovxtt5QWo5jsowNZ9g4TPfi4EBtiLUfWTITv-FWC9i1Jv-sqz6zwM6vthHv47anpp_cBZLk2VCqEF1YQm_Pa_p3_cSDI22KDvrHWZ8xr04srqQWoakicYawcons1GCirilQyjRFsDuGra1l7ad1MkoUKIy2iCzJPpTQ5mem_e654sh4XIrNa99neaClhLoIGLXs5YbWz4eweHQU' 294 | } 295 | const privateKey_kia = fs.readFileSync(`${__dirname}/certificate/private_key_kia.key`); 296 | JWT.sign(payload, privateKey_kia, { algorithm: 'RS256', audience: 'https://127.0.0.1/jwt/key-injection', header: { jwk: jwk } }, (err, token) => { 297 | const res_body = { 298 | jwt: token, 299 | endpoint: 'https://127.0.0.1/jwt/key-injection' 300 | } 301 | res.status(200).json(res_body); 302 | }); 303 | } 304 | //Generate token to be used in JKU attacks 305 | if (attack === 'jku') { 306 | const privateKey_kia = fs.readFileSync(`${__dirname}/certificate/private_key_kia.key`); 307 | JWT.sign(payload, privateKey_kia, { algorithm: 'RS256', audience: 'https://127.0.0.1/jwt/jku', header: { jku: 'https://127.0.0.1/webkeys/jwks.json' } }, (err, token) => { 308 | const res_body = { 309 | jwt: token, 310 | endpoint: 'https://127.0.0.1/jwt/jku' 311 | } 312 | res.status(200).json(res_body); 313 | }); 314 | } 315 | //Generate token to be used in X5U attacks 316 | if (attack === 'x5u') { 317 | const privateKey_x509 = fs.readFileSync(`${__dirname}/certificate/private_key_x509.key`); 318 | JWT.sign(payload, privateKey_x509, { algorithm: 'RS256', audience: 'https://127.0.0.1/jwt/x5u', header: { x5u: 'https://127.0.0.1/webkeys/certificate_x509.crt' } }, (err, token) => { 319 | const res_body = { 320 | jwt: token, 321 | endpoint: 'https://127.0.0.1/jwt/x5u' 322 | } 323 | res.status(200).json(res_body); 324 | }); 325 | } 326 | //Generate token to be used in kid00 (command injection) attack. 327 | if (attack === 'kid00') { 328 | 329 | exec(`cat ${__dirname}/secrets/keyfile.txt`, (error, secret_key, stderr) => { 330 | if (error) { 331 | res.status(200).send(error); 332 | } 333 | if (stderr) { 334 | res.status(200).send(stderr); 335 | } 336 | JWT.sign(payload, secret_key, { algorithm: 'HS256', audience: 'https://127.0.0.1/jwt/kid00', header: { kid: 'keyfile.txt' } }, (err, token) => { 337 | const res_body = { 338 | jwt: token, 339 | endpoint: 'https://127.0.0.1/jwt/kid00' 340 | }; 341 | res.status(200).json(res_body); 342 | }); 343 | }); 344 | } 345 | 346 | }); 347 | 348 | https.createServer({ //Use a certificate to provide TLS 349 | key: fs.readFileSync(`${__dirname}/certificate/private_key_kca.key`, (err, data) => { 350 | console.log(err); 351 | }), 352 | cert: fs.readFileSync(`${__dirname}/certificate/certificate_kca.crt`, (err, data) => { 353 | console.log(err); 354 | }) 355 | }, app).listen(443); -------------------------------------------------------------------------------- /jwt-signature-apis-challenges/package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jwt-explotation-practices", 3 | "version": "1.0.0", 4 | "lockfileVersion": 1, 5 | "requires": true, 6 | "dependencies": { 7 | "@chilkat/ck-node12-linux64": { 8 | "version": "9.50.83", 9 | "resolved": "https://registry.npmjs.org/@chilkat/ck-node12-linux64/-/ck-node12-linux64-9.50.83.tgz", 10 | "integrity": "sha512-+49vOKO8PCIoG+xiwqNIjbG1KCMpWKednZCV659yFrnmPray9mkUO7KRU/J2Uu2cHaZA/hd0SxjTJXgAhrf11A==" 11 | }, 12 | "accepts": { 13 | "version": "1.3.7", 14 | "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz", 15 | "integrity": "sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==", 16 | "requires": { 17 | "mime-types": "~2.1.24", 18 | "negotiator": "0.6.2" 19 | } 20 | }, 21 | "ajv": { 22 | "version": "6.12.3", 23 | "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.3.tgz", 24 | "integrity": "sha512-4K0cK3L1hsqk9xIb2z9vs/XU+PGJZ9PNpJRDS9YLzmNdX6jmVPfamLvTJr0aDAusnHyCHO6MjzlkAsgtqp9teA==", 25 | "requires": { 26 | "fast-deep-equal": "^3.1.1", 27 | "fast-json-stable-stringify": "^2.0.0", 28 | "json-schema-traverse": "^0.4.1", 29 | "uri-js": "^4.2.2" 30 | } 31 | }, 32 | "array-flatten": { 33 | "version": "1.1.1", 34 | "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", 35 | "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI=" 36 | }, 37 | "asn1": { 38 | "version": "0.2.4", 39 | "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz", 40 | "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==", 41 | "requires": { 42 | "safer-buffer": "~2.1.0" 43 | } 44 | }, 45 | "asn1.js": { 46 | "version": "5.4.1", 47 | "resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz", 48 | "integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==", 49 | "requires": { 50 | "bn.js": "^4.0.0", 51 | "inherits": "^2.0.1", 52 | "minimalistic-assert": "^1.0.0", 53 | "safer-buffer": "^2.1.0" 54 | } 55 | }, 56 | "assert-plus": { 57 | "version": "1.0.0", 58 | "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz", 59 | "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=" 60 | }, 61 | "asynckit": { 62 | "version": "0.4.0", 63 | "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", 64 | "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=" 65 | }, 66 | "aws-sign2": { 67 | "version": "0.7.0", 68 | "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz", 69 | "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=" 70 | }, 71 | "aws4": { 72 | "version": "1.10.0", 73 | "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.10.0.tgz", 74 | "integrity": "sha512-3YDiu347mtVtjpyV3u5kVqQLP242c06zwDOgpeRnybmXlYYsLbtTrUBUm8i8srONt+FWobl5aibnU1030PeeuA==" 75 | }, 76 | "base64-js": { 77 | "version": "1.3.1", 78 | "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz", 79 | "integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==" 80 | }, 81 | "base64url": { 82 | "version": "3.0.1", 83 | "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", 84 | "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==" 85 | }, 86 | "bcrypt-pbkdf": { 87 | "version": "1.0.2", 88 | "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz", 89 | "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=", 90 | "requires": { 91 | "tweetnacl": "^0.14.3" 92 | } 93 | }, 94 | "bn.js": { 95 | "version": "4.11.9", 96 | "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.11.9.tgz", 97 | "integrity": "sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw==" 98 | }, 99 | "body-parser": { 100 | "version": "1.19.0", 101 | "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.0.tgz", 102 | "integrity": "sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==", 103 | "requires": { 104 | "bytes": "3.1.0", 105 | "content-type": "~1.0.4", 106 | "debug": "2.6.9", 107 | "depd": "~1.1.2", 108 | "http-errors": "1.7.2", 109 | "iconv-lite": "0.4.24", 110 | "on-finished": "~2.3.0", 111 | "qs": "6.7.0", 112 | "raw-body": "2.4.0", 113 | "type-is": "~1.6.17" 114 | } 115 | }, 116 | "brorand": { 117 | "version": "1.1.0", 118 | "resolved": "https://registry.npmjs.org/brorand/-/brorand-1.1.0.tgz", 119 | "integrity": "sha1-EsJe/kCkXjwyPrhnWgoM5XsiNx8=" 120 | }, 121 | "browserify-zlib": { 122 | "version": "0.2.0", 123 | "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz", 124 | "integrity": "sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==", 125 | "requires": { 126 | "pako": "~1.0.5" 127 | } 128 | }, 129 | "buffer": { 130 | "version": "5.6.0", 131 | "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.6.0.tgz", 132 | "integrity": "sha512-/gDYp/UtU0eA1ys8bOs9J6a+E/KWIY+DZ+Q2WESNUA0jFRsJOc0SNUO6xJ5SGA1xueg3NL65W6s+NY5l9cunuw==", 133 | "requires": { 134 | "base64-js": "^1.0.2", 135 | "ieee754": "^1.1.4" 136 | } 137 | }, 138 | "buffer-equal-constant-time": { 139 | "version": "1.0.1", 140 | "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", 141 | "integrity": "sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk=" 142 | }, 143 | "bytes": { 144 | "version": "3.1.0", 145 | "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz", 146 | "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg==" 147 | }, 148 | "caseless": { 149 | "version": "0.12.0", 150 | "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz", 151 | "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw=" 152 | }, 153 | "child_process": { 154 | "version": "1.0.2", 155 | "resolved": "https://registry.npmjs.org/child_process/-/child_process-1.0.2.tgz", 156 | "integrity": "sha1-sffn/HPSXn/R1FWtyU4UODAYK1o=" 157 | }, 158 | "combined-stream": { 159 | "version": "1.0.8", 160 | "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", 161 | "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", 162 | "requires": { 163 | "delayed-stream": "~1.0.0" 164 | } 165 | }, 166 | "content-disposition": { 167 | "version": "0.5.3", 168 | "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz", 169 | "integrity": "sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==", 170 | "requires": { 171 | "safe-buffer": "5.1.2" 172 | } 173 | }, 174 | "content-type": { 175 | "version": "1.0.4", 176 | "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", 177 | "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==" 178 | }, 179 | "cookie": { 180 | "version": "0.4.0", 181 | "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz", 182 | "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg==" 183 | }, 184 | "cookie-signature": { 185 | "version": "1.0.6", 186 | "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", 187 | "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw=" 188 | }, 189 | "core-util-is": { 190 | "version": "1.0.2", 191 | "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", 192 | "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=" 193 | }, 194 | "crypto": { 195 | "version": "1.0.1", 196 | "resolved": "https://registry.npmjs.org/crypto/-/crypto-1.0.1.tgz", 197 | "integrity": "sha512-VxBKmeNcqQdiUQUW2Tzq0t377b54N2bMtXO/qiLa+6eRRmmC4qT3D4OnTGoT/U6O9aklQ/jTwbOtRMTTY8G0Ig==" 198 | }, 199 | "dashdash": { 200 | "version": "1.14.1", 201 | "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz", 202 | "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=", 203 | "requires": { 204 | "assert-plus": "^1.0.0" 205 | } 206 | }, 207 | "debug": { 208 | "version": "2.6.9", 209 | "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", 210 | "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", 211 | "requires": { 212 | "ms": "2.0.0" 213 | } 214 | }, 215 | "delayed-stream": { 216 | "version": "1.0.0", 217 | "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", 218 | "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" 219 | }, 220 | "depd": { 221 | "version": "1.1.2", 222 | "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", 223 | "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak=" 224 | }, 225 | "destroy": { 226 | "version": "1.0.4", 227 | "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz", 228 | "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA=" 229 | }, 230 | "ecc-jsbn": { 231 | "version": "0.1.2", 232 | "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz", 233 | "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=", 234 | "requires": { 235 | "jsbn": "~0.1.0", 236 | "safer-buffer": "^2.1.0" 237 | } 238 | }, 239 | "ecdsa-sig-formatter": { 240 | "version": "1.0.11", 241 | "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", 242 | "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", 243 | "requires": { 244 | "safe-buffer": "^5.0.1" 245 | } 246 | }, 247 | "ee-first": { 248 | "version": "1.1.1", 249 | "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", 250 | "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" 251 | }, 252 | "elliptic": { 253 | "version": "6.5.3", 254 | "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz", 255 | "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==", 256 | "requires": { 257 | "bn.js": "^4.4.0", 258 | "brorand": "^1.0.1", 259 | "hash.js": "^1.0.0", 260 | "hmac-drbg": "^1.0.0", 261 | "inherits": "^2.0.1", 262 | "minimalistic-assert": "^1.0.0", 263 | "minimalistic-crypto-utils": "^1.0.0" 264 | } 265 | }, 266 | "encodeurl": { 267 | "version": "1.0.2", 268 | "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", 269 | "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k=" 270 | }, 271 | "es6-promise": { 272 | "version": "4.2.8", 273 | "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz", 274 | "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==" 275 | }, 276 | "escape-html": { 277 | "version": "1.0.3", 278 | "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", 279 | "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg=" 280 | }, 281 | "etag": { 282 | "version": "1.8.1", 283 | "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", 284 | "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=" 285 | }, 286 | "express": { 287 | "version": "4.17.1", 288 | "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz", 289 | "integrity": "sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==", 290 | "requires": { 291 | "accepts": "~1.3.7", 292 | "array-flatten": "1.1.1", 293 | "body-parser": "1.19.0", 294 | "content-disposition": "0.5.3", 295 | "content-type": "~1.0.4", 296 | "cookie": "0.4.0", 297 | "cookie-signature": "1.0.6", 298 | "debug": "2.6.9", 299 | "depd": "~1.1.2", 300 | "encodeurl": "~1.0.2", 301 | "escape-html": "~1.0.3", 302 | "etag": "~1.8.1", 303 | "finalhandler": "~1.1.2", 304 | "fresh": "0.5.2", 305 | "merge-descriptors": "1.0.1", 306 | "methods": "~1.1.2", 307 | "on-finished": "~2.3.0", 308 | "parseurl": "~1.3.3", 309 | "path-to-regexp": "0.1.7", 310 | "proxy-addr": "~2.0.5", 311 | "qs": "6.7.0", 312 | "range-parser": "~1.2.1", 313 | "safe-buffer": "5.1.2", 314 | "send": "0.17.1", 315 | "serve-static": "1.14.1", 316 | "setprototypeof": "1.1.1", 317 | "statuses": "~1.5.0", 318 | "type-is": "~1.6.18", 319 | "utils-merge": "1.0.1", 320 | "vary": "~1.1.2" 321 | } 322 | }, 323 | "extend": { 324 | "version": "3.0.2", 325 | "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", 326 | "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==" 327 | }, 328 | "extsprintf": { 329 | "version": "1.3.0", 330 | "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz", 331 | "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=" 332 | }, 333 | "fast-deep-equal": { 334 | "version": "3.1.3", 335 | "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", 336 | "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==" 337 | }, 338 | "fast-json-stable-stringify": { 339 | "version": "2.1.0", 340 | "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", 341 | "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==" 342 | }, 343 | "finalhandler": { 344 | "version": "1.1.2", 345 | "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz", 346 | "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==", 347 | "requires": { 348 | "debug": "2.6.9", 349 | "encodeurl": "~1.0.2", 350 | "escape-html": "~1.0.3", 351 | "on-finished": "~2.3.0", 352 | "parseurl": "~1.3.3", 353 | "statuses": "~1.5.0", 354 | "unpipe": "~1.0.0" 355 | } 356 | }, 357 | "forever-agent": { 358 | "version": "0.6.1", 359 | "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz", 360 | "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=" 361 | }, 362 | "form-data": { 363 | "version": "2.3.3", 364 | "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz", 365 | "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==", 366 | "requires": { 367 | "asynckit": "^0.4.0", 368 | "combined-stream": "^1.0.6", 369 | "mime-types": "^2.1.12" 370 | } 371 | }, 372 | "forwarded": { 373 | "version": "0.1.2", 374 | "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz", 375 | "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ=" 376 | }, 377 | "fresh": { 378 | "version": "0.5.2", 379 | "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", 380 | "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac=" 381 | }, 382 | "getpass": { 383 | "version": "0.1.7", 384 | "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz", 385 | "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=", 386 | "requires": { 387 | "assert-plus": "^1.0.0" 388 | } 389 | }, 390 | "har-schema": { 391 | "version": "2.0.0", 392 | "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz", 393 | "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI=" 394 | }, 395 | "har-validator": { 396 | "version": "5.1.3", 397 | "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz", 398 | "integrity": "sha512-sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==", 399 | "requires": { 400 | "ajv": "^6.5.5", 401 | "har-schema": "^2.0.0" 402 | } 403 | }, 404 | "hash.js": { 405 | "version": "1.1.7", 406 | "resolved": "https://registry.npmjs.org/hash.js/-/hash.js-1.1.7.tgz", 407 | "integrity": "sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA==", 408 | "requires": { 409 | "inherits": "^2.0.3", 410 | "minimalistic-assert": "^1.0.1" 411 | } 412 | }, 413 | "hmac-drbg": { 414 | "version": "1.0.1", 415 | "resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz", 416 | "integrity": "sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=", 417 | "requires": { 418 | "hash.js": "^1.0.3", 419 | "minimalistic-assert": "^1.0.0", 420 | "minimalistic-crypto-utils": "^1.0.1" 421 | } 422 | }, 423 | "http-errors": { 424 | "version": "1.7.2", 425 | "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.2.tgz", 426 | "integrity": "sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==", 427 | "requires": { 428 | "depd": "~1.1.2", 429 | "inherits": "2.0.3", 430 | "setprototypeof": "1.1.1", 431 | "statuses": ">= 1.5.0 < 2", 432 | "toidentifier": "1.0.0" 433 | } 434 | }, 435 | "http-signature": { 436 | "version": "1.2.0", 437 | "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz", 438 | "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=", 439 | "requires": { 440 | "assert-plus": "^1.0.0", 441 | "jsprim": "^1.2.2", 442 | "sshpk": "^1.7.0" 443 | } 444 | }, 445 | "iconv-lite": { 446 | "version": "0.4.24", 447 | "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", 448 | "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", 449 | "requires": { 450 | "safer-buffer": ">= 2.1.2 < 3" 451 | } 452 | }, 453 | "ieee754": { 454 | "version": "1.1.13", 455 | "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", 456 | "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==" 457 | }, 458 | "inherits": { 459 | "version": "2.0.3", 460 | "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", 461 | "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=" 462 | }, 463 | "ipaddr.js": { 464 | "version": "1.9.1", 465 | "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", 466 | "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==" 467 | }, 468 | "is-typedarray": { 469 | "version": "1.0.0", 470 | "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz", 471 | "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=" 472 | }, 473 | "isstream": { 474 | "version": "0.1.2", 475 | "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz", 476 | "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo=" 477 | }, 478 | "jsbn": { 479 | "version": "0.1.1", 480 | "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz", 481 | "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=" 482 | }, 483 | "json-schema": { 484 | "version": "0.2.3", 485 | "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz", 486 | "integrity": "sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM=" 487 | }, 488 | "json-schema-traverse": { 489 | "version": "0.4.1", 490 | "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", 491 | "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==" 492 | }, 493 | "json-stringify-safe": { 494 | "version": "5.0.1", 495 | "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", 496 | "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=" 497 | }, 498 | "jsonwebtoken": { 499 | "version": "8.5.1", 500 | "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz", 501 | "integrity": "sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==", 502 | "requires": { 503 | "jws": "^3.2.2", 504 | "lodash.includes": "^4.3.0", 505 | "lodash.isboolean": "^3.0.3", 506 | "lodash.isinteger": "^4.0.4", 507 | "lodash.isnumber": "^3.0.3", 508 | "lodash.isplainobject": "^4.0.6", 509 | "lodash.isstring": "^4.0.1", 510 | "lodash.once": "^4.0.0", 511 | "ms": "^2.1.1", 512 | "semver": "^5.6.0" 513 | }, 514 | "dependencies": { 515 | "ms": { 516 | "version": "2.1.2", 517 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", 518 | "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" 519 | } 520 | } 521 | }, 522 | "jsprim": { 523 | "version": "1.4.1", 524 | "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz", 525 | "integrity": "sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=", 526 | "requires": { 527 | "assert-plus": "1.0.0", 528 | "extsprintf": "1.3.0", 529 | "json-schema": "0.2.3", 530 | "verror": "1.10.0" 531 | } 532 | }, 533 | "jwa": { 534 | "version": "1.4.1", 535 | "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", 536 | "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", 537 | "requires": { 538 | "buffer-equal-constant-time": "1.0.1", 539 | "ecdsa-sig-formatter": "1.0.11", 540 | "safe-buffer": "^5.0.1" 541 | } 542 | }, 543 | "jwk-to-pem": { 544 | "version": "2.0.4", 545 | "resolved": "https://registry.npmjs.org/jwk-to-pem/-/jwk-to-pem-2.0.4.tgz", 546 | "integrity": "sha512-4CCK9UBHNWjWtfSHdyu3I6rA8vlN5cWqnVuwY0cOMyXtw6M1tP+yrM8GZpwk+P932Dc3cLag4d35B6CqyIf89A==", 547 | "requires": { 548 | "asn1.js": "^5.3.0", 549 | "elliptic": "^6.5.3", 550 | "safe-buffer": "^5.0.1" 551 | } 552 | }, 553 | "jws": { 554 | "version": "3.2.2", 555 | "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", 556 | "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", 557 | "requires": { 558 | "jwa": "^1.4.1", 559 | "safe-buffer": "^5.0.1" 560 | } 561 | }, 562 | "lodash": { 563 | "version": "4.17.19", 564 | "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz", 565 | "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==" 566 | }, 567 | "lodash.includes": { 568 | "version": "4.3.0", 569 | "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", 570 | "integrity": "sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=" 571 | }, 572 | "lodash.isboolean": { 573 | "version": "3.0.3", 574 | "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", 575 | "integrity": "sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=" 576 | }, 577 | "lodash.isinteger": { 578 | "version": "4.0.4", 579 | "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", 580 | "integrity": "sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=" 581 | }, 582 | "lodash.isnumber": { 583 | "version": "3.0.3", 584 | "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", 585 | "integrity": "sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=" 586 | }, 587 | "lodash.isplainobject": { 588 | "version": "4.0.6", 589 | "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", 590 | "integrity": "sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=" 591 | }, 592 | "lodash.isstring": { 593 | "version": "4.0.1", 594 | "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", 595 | "integrity": "sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=" 596 | }, 597 | "lodash.once": { 598 | "version": "4.1.1", 599 | "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", 600 | "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=" 601 | }, 602 | "long": { 603 | "version": "4.0.0", 604 | "resolved": "https://registry.npmjs.org/long/-/long-4.0.0.tgz", 605 | "integrity": "sha512-XsP+KhQif4bjX1kbuSiySJFNAehNxgLb6hPRGJ9QsUr8ajHkuXGdrHmFUTUUXhDwVX2R5bY4JNZEwbUiMhV+MA==" 606 | }, 607 | "media-typer": { 608 | "version": "0.3.0", 609 | "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", 610 | "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=" 611 | }, 612 | "merge-descriptors": { 613 | "version": "1.0.1", 614 | "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", 615 | "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E=" 616 | }, 617 | "methods": { 618 | "version": "1.1.2", 619 | "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", 620 | "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4=" 621 | }, 622 | "mime": { 623 | "version": "1.6.0", 624 | "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", 625 | "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==" 626 | }, 627 | "mime-db": { 628 | "version": "1.44.0", 629 | "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz", 630 | "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==" 631 | }, 632 | "mime-types": { 633 | "version": "2.1.27", 634 | "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz", 635 | "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==", 636 | "requires": { 637 | "mime-db": "1.44.0" 638 | } 639 | }, 640 | "minimalistic-assert": { 641 | "version": "1.0.1", 642 | "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", 643 | "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==" 644 | }, 645 | "minimalistic-crypto-utils": { 646 | "version": "1.0.1", 647 | "resolved": "https://registry.npmjs.org/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz", 648 | "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=" 649 | }, 650 | "ms": { 651 | "version": "2.0.0", 652 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", 653 | "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" 654 | }, 655 | "negotiator": { 656 | "version": "0.6.2", 657 | "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz", 658 | "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw==" 659 | }, 660 | "node-forge": { 661 | "version": "0.8.5", 662 | "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.8.5.tgz", 663 | "integrity": "sha512-vFMQIWt+J/7FLNyKouZ9TazT74PRV3wgv9UT4cRjC8BffxFbKXkgIWR42URCPSnHm/QDz6BOlb2Q0U4+VQT67Q==" 664 | }, 665 | "node-jose": { 666 | "version": "1.1.4", 667 | "resolved": "https://registry.npmjs.org/node-jose/-/node-jose-1.1.4.tgz", 668 | "integrity": "sha512-L31IFwL3pWWcMHxxidCY51ezqrDXMkvlT/5pLTfNw5sXmmOLJuN6ug7txzF/iuZN55cRpyOmoJrotwBQIoo5Lw==", 669 | "requires": { 670 | "base64url": "^3.0.1", 671 | "browserify-zlib": "^0.2.0", 672 | "buffer": "^5.5.0", 673 | "es6-promise": "^4.2.8", 674 | "lodash": "^4.17.15", 675 | "long": "^4.0.0", 676 | "node-forge": "^0.8.5", 677 | "process": "^0.11.10", 678 | "react-zlib-js": "^1.0.4", 679 | "uuid": "^3.3.3" 680 | } 681 | }, 682 | "oauth-sign": { 683 | "version": "0.9.0", 684 | "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz", 685 | "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==" 686 | }, 687 | "on-finished": { 688 | "version": "2.3.0", 689 | "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", 690 | "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=", 691 | "requires": { 692 | "ee-first": "1.1.1" 693 | } 694 | }, 695 | "openssl-nodejs": { 696 | "version": "1.0.5", 697 | "resolved": "https://registry.npmjs.org/openssl-nodejs/-/openssl-nodejs-1.0.5.tgz", 698 | "integrity": "sha512-6+nxZBw96nK1WUk5yIjhv9NRjqtNTfklB508T64BG5TQ8fU1x1rJrc1I3iVW+31KjnYYYwInGTopYxFJa7wMqA==" 699 | }, 700 | "pako": { 701 | "version": "1.0.11", 702 | "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", 703 | "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==" 704 | }, 705 | "parseurl": { 706 | "version": "1.3.3", 707 | "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", 708 | "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" 709 | }, 710 | "path-to-regexp": { 711 | "version": "0.1.7", 712 | "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", 713 | "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" 714 | }, 715 | "performance-now": { 716 | "version": "2.1.0", 717 | "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz", 718 | "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=" 719 | }, 720 | "process": { 721 | "version": "0.11.10", 722 | "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", 723 | "integrity": "sha1-czIwDoQBYb2j5podHZGn1LwW8YI=" 724 | }, 725 | "proxy-addr": { 726 | "version": "2.0.6", 727 | "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.6.tgz", 728 | "integrity": "sha512-dh/frvCBVmSsDYzw6n926jv974gddhkFPfiN8hPOi30Wax25QZyZEGveluCgliBnqmuM+UJmBErbAUFIoDbjOw==", 729 | "requires": { 730 | "forwarded": "~0.1.2", 731 | "ipaddr.js": "1.9.1" 732 | } 733 | }, 734 | "psl": { 735 | "version": "1.8.0", 736 | "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz", 737 | "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==" 738 | }, 739 | "punycode": { 740 | "version": "2.1.1", 741 | "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", 742 | "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" 743 | }, 744 | "qs": { 745 | "version": "6.7.0", 746 | "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz", 747 | "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==" 748 | }, 749 | "range-parser": { 750 | "version": "1.2.1", 751 | "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", 752 | "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==" 753 | }, 754 | "raw-body": { 755 | "version": "2.4.0", 756 | "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.0.tgz", 757 | "integrity": "sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==", 758 | "requires": { 759 | "bytes": "3.1.0", 760 | "http-errors": "1.7.2", 761 | "iconv-lite": "0.4.24", 762 | "unpipe": "1.0.0" 763 | } 764 | }, 765 | "react-zlib-js": { 766 | "version": "1.0.4", 767 | "resolved": "https://registry.npmjs.org/react-zlib-js/-/react-zlib-js-1.0.4.tgz", 768 | "integrity": "sha512-ynXD9DFxpE7vtGoa3ZwBtPmZrkZYw2plzHGbanUjBOSN4RtuXdektSfABykHtTiWEHMh7WdYj45LHtp228ZF1A==" 769 | }, 770 | "request": { 771 | "version": "2.88.2", 772 | "resolved": "https://registry.npmjs.org/request/-/request-2.88.2.tgz", 773 | "integrity": "sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==", 774 | "requires": { 775 | "aws-sign2": "~0.7.0", 776 | "aws4": "^1.8.0", 777 | "caseless": "~0.12.0", 778 | "combined-stream": "~1.0.6", 779 | "extend": "~3.0.2", 780 | "forever-agent": "~0.6.1", 781 | "form-data": "~2.3.2", 782 | "har-validator": "~5.1.3", 783 | "http-signature": "~1.2.0", 784 | "is-typedarray": "~1.0.0", 785 | "isstream": "~0.1.2", 786 | "json-stringify-safe": "~5.0.1", 787 | "mime-types": "~2.1.19", 788 | "oauth-sign": "~0.9.0", 789 | "performance-now": "^2.1.0", 790 | "qs": "~6.5.2", 791 | "safe-buffer": "^5.1.2", 792 | "tough-cookie": "~2.5.0", 793 | "tunnel-agent": "^0.6.0", 794 | "uuid": "^3.3.2" 795 | }, 796 | "dependencies": { 797 | "qs": { 798 | "version": "6.5.2", 799 | "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz", 800 | "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==" 801 | } 802 | } 803 | }, 804 | "safe-buffer": { 805 | "version": "5.1.2", 806 | "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", 807 | "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==" 808 | }, 809 | "safer-buffer": { 810 | "version": "2.1.2", 811 | "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", 812 | "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" 813 | }, 814 | "semver": { 815 | "version": "5.7.1", 816 | "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", 817 | "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" 818 | }, 819 | "send": { 820 | "version": "0.17.1", 821 | "resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz", 822 | "integrity": "sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==", 823 | "requires": { 824 | "debug": "2.6.9", 825 | "depd": "~1.1.2", 826 | "destroy": "~1.0.4", 827 | "encodeurl": "~1.0.2", 828 | "escape-html": "~1.0.3", 829 | "etag": "~1.8.1", 830 | "fresh": "0.5.2", 831 | "http-errors": "~1.7.2", 832 | "mime": "1.6.0", 833 | "ms": "2.1.1", 834 | "on-finished": "~2.3.0", 835 | "range-parser": "~1.2.1", 836 | "statuses": "~1.5.0" 837 | }, 838 | "dependencies": { 839 | "ms": { 840 | "version": "2.1.1", 841 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz", 842 | "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==" 843 | } 844 | } 845 | }, 846 | "serve-static": { 847 | "version": "1.14.1", 848 | "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.1.tgz", 849 | "integrity": "sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==", 850 | "requires": { 851 | "encodeurl": "~1.0.2", 852 | "escape-html": "~1.0.3", 853 | "parseurl": "~1.3.3", 854 | "send": "0.17.1" 855 | } 856 | }, 857 | "setprototypeof": { 858 | "version": "1.1.1", 859 | "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz", 860 | "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw==" 861 | }, 862 | "sshpk": { 863 | "version": "1.16.1", 864 | "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz", 865 | "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==", 866 | "requires": { 867 | "asn1": "~0.2.3", 868 | "assert-plus": "^1.0.0", 869 | "bcrypt-pbkdf": "^1.0.0", 870 | "dashdash": "^1.12.0", 871 | "ecc-jsbn": "~0.1.1", 872 | "getpass": "^0.1.1", 873 | "jsbn": "~0.1.0", 874 | "safer-buffer": "^2.0.2", 875 | "tweetnacl": "~0.14.0" 876 | } 877 | }, 878 | "statuses": { 879 | "version": "1.5.0", 880 | "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", 881 | "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow=" 882 | }, 883 | "toidentifier": { 884 | "version": "1.0.0", 885 | "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz", 886 | "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw==" 887 | }, 888 | "tough-cookie": { 889 | "version": "2.5.0", 890 | "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz", 891 | "integrity": "sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==", 892 | "requires": { 893 | "psl": "^1.1.28", 894 | "punycode": "^2.1.1" 895 | } 896 | }, 897 | "tunnel-agent": { 898 | "version": "0.6.0", 899 | "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", 900 | "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=", 901 | "requires": { 902 | "safe-buffer": "^5.0.1" 903 | } 904 | }, 905 | "tweetnacl": { 906 | "version": "0.14.5", 907 | "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz", 908 | "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=" 909 | }, 910 | "type-is": { 911 | "version": "1.6.18", 912 | "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", 913 | "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", 914 | "requires": { 915 | "media-typer": "0.3.0", 916 | "mime-types": "~2.1.24" 917 | } 918 | }, 919 | "unpipe": { 920 | "version": "1.0.0", 921 | "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", 922 | "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=" 923 | }, 924 | "uri-js": { 925 | "version": "4.2.2", 926 | "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz", 927 | "integrity": "sha512-KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==", 928 | "requires": { 929 | "punycode": "^2.1.0" 930 | } 931 | }, 932 | "utils-merge": { 933 | "version": "1.0.1", 934 | "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", 935 | "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM=" 936 | }, 937 | "uuid": { 938 | "version": "3.4.0", 939 | "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", 940 | "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==" 941 | }, 942 | "vary": { 943 | "version": "1.1.2", 944 | "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", 945 | "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=" 946 | }, 947 | "verror": { 948 | "version": "1.10.0", 949 | "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz", 950 | "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=", 951 | "requires": { 952 | "assert-plus": "^1.0.0", 953 | "core-util-is": "1.0.2", 954 | "extsprintf": "^1.2.0" 955 | } 956 | } 957 | } 958 | } 959 | --------------------------------------------------------------------------------