mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-22 12:26:17 +00:00
Added commands for testing Mapbox API Tokens
parent
2ac947e46d
commit
88aa7c9789
@ -18,6 +18,7 @@
|
|||||||
- [Gitlab Personal Access Token](#gitlab-personal-access-token)
|
- [Gitlab Personal Access Token](#gitlab-personal-access-token)
|
||||||
- [HockeyApp API Token](#hockeyapp-api-token)
|
- [HockeyApp API Token](#hockeyapp-api-token)
|
||||||
- [Auth Bypass using pre-published Machine Key](#auth-bypass-using-pre-published-machine-key)
|
- [Auth Bypass using pre-published Machine Key](#auth-bypass-using-pre-published-machine-key)
|
||||||
|
- [Mapbox API Token](#Mapbox-API-Token)
|
||||||
|
|
||||||
|
|
||||||
## Tools
|
## Tools
|
||||||
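Review bot: the new table-of-contents entry links to `#Mapbox-API-Token`, while every neighbouring entry uses an all-lowercase slug (`#gitlab-personal-access-token`, `#hockeyapp-api-token`). Suggest `- [Mapbox API Token](#mapbox-api-token)` so the anchor follows the same convention as the rest of the list and matches the slug generated for the `### Mapbox API Token` heading.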
@ -121,9 +122,20 @@ $ AspDotNetWrapper.exe --decryptDataFilePath C:\DecryptedText.txt
|
|||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
### Mapbox API Token
|
||||||
|
A Mapbox API Token is a JSON Web Token (JWT). If the header of the JWT is `sk`, jackpot. If it's `pk` or `tk`, it's not worth your time.
|
||||||
|
```
|
||||||
|
#Check token validity
|
||||||
|
curl "https://api.mapbox.com/tokens/v2?access_token=YOUR_MAPBOX_ACCESS_TOKEN"
|
||||||
|
|
||||||
|
#Get list of all tokens associated with an account. (only works if the token is a Secret Token (sk), and has the appropiate scope)
|
||||||
|
curl "https://api.mapbox.com/tokens/v2/MAPBOX_USERNAME_HERE?access_token=YOUR_MAPBOX_ACCESS_TOKEN"
|
||||||
|
```
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
* [Finding Hidden API Keys & How to use them - Sumit Jain - August 24, 2019](https://medium.com/@sumitcfe/finding-hidden-api-keys-how-to-use-them-11b1e5d0f01d)
|
* [Finding Hidden API Keys & How to use them - Sumit Jain - August 24, 2019](https://medium.com/@sumitcfe/finding-hidden-api-keys-how-to-use-them-11b1e5d0f01d)
|
||||||
* [Private API key leakage due to lack of access control - yox - August 8, 2018](https://hackerone.com/reports/376060)
|
* [Private API key leakage due to lack of access control - yox - August 8, 2018](https://hackerone.com/reports/376060)
|
||||||
* [Project Blacklist3r - November 23, 2018 - @notsosecure](https://www.notsosecure.com/project-blacklist3r/)
|
* [Project Blacklist3r - November 23, 2018 - @notsosecure](https://www.notsosecure.com/project-blacklist3r/)
|
||||||
* [Saying Goodbye to my Favorite 5 Minute P1 - Allyson O'Malley - January 6, 2020](https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/)
|
* [Saying Goodbye to my Favorite 5 Minute P1 - Allyson O'Malley - January 6, 2020](https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/)
|
||||||
|
* [Mapbox API Token Documentation](https://docs.mapbox.com/help/troubleshooting/how-to-use-mapbox-securely/)
|
||||||
|
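Review bot: in the sentence under `### Mapbox API Token`, "If the header of the JWT is `sk`" is imprecise. `sk`, `pk` and `tk` are the prefix at the start of the token string (secret, public and temporary tokens), not a field inside a JWT header, so the text should say "if the token starts with `sk.`". In the fenced block, "appropiate" should be "appropriate", and the comments would be easier to read with a space after the `#` (`# Check token validity`). Both curl lines pass the token in the `access_token` query string, so a short remark that it will end up in shell history and proxy logs would help readers handling a live secret token. The added reference entry has no author or date, unlike the other items in the list; add them or label it as vendor documentation.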