AllAboutBugBounty/Misc/JWT Vulnerabilities.md
# JWT Vulnerabilities
## Introduction
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
## How to exploit
1. Set the `alg` header to `none`
   A verifier that honours this header accepts the token without checking any signature.
   ```json
   {
     "alg": "none",
     "typ": "JWT"
   }
   ```
2. Change the algorithm from RS256 to HS256
   If the backend takes the algorithm from the token header, switching RS256 to HS256 makes it use its RSA public key as the HMAC secret and verify the signature with HS256. Since the public key is, by design, not secret, that check no longer proves anything.
3. Brute-force the HS256 secret
   If the HS256 key is weak, it can be brute-forced directly, for example when the literal `secret` string from the PyJWT library's sample code is used as the key.
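The three items above all come down to what the verifying side trusts. As an added example (not code from this repository or from any of the linked write-ups), here is a minimal stdlib-only HS256 verifier in Python that closes each of them: it never accepts `alg: none`, it pins the algorithm server-side instead of selecting it from the token header (which also rules out RS256-to-HS256 confusion), and it refuses HMAC keys shorter than the 256 bits RFC 7518 requires for HS256. `KEY` and the claims are constructed test values, and `tamper_alg` exists only to build the negative test cases that the verifier must reject.

```python
import base64
import hashlib
import hmac
import json

# RFC 7518 section 3.2: an HS256 key must be at least 256 bits long.
MIN_HS256_KEY_BYTES = 32

# Constructed test key (37 bytes); a real deployment loads this from a secret store.
KEY = b"constructed-test-key-0123456789abcdef"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue an HS256 token; used here only to produce input for the verifier."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_hs256(token: str, key: bytes) -> dict:
    """Return the payload if the token is valid, otherwise raise ValueError."""
    # Item 3: refuse a secret that is short enough to brute-force.
    if len(key) < MIN_HS256_KEY_BYTES:
        raise ValueError("HS256 key is shorter than 256 bits; refusing to use it")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Items 1 and 2: the algorithm is pinned by the server, not read from the token.
    # Any header that does not agree is rejected before the signature is looked at,
    # which covers both alg "none" and RS256 -> HS256 confusion.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}; only HS256 is accepted")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison so the check itself does not leak the signature.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(_b64url_decode(payload_b64))


def tamper_alg(token: str, new_alg: str) -> str:
    """Build a negative test case: rewrite the alg header of a valid token.
    For "none" the signature segment is emptied, as an unsecured JWT has it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    header["alg"] = new_alg
    new_header_b64 = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    sig = "" if new_alg == "none" else sig_b64
    return f"{new_header_b64}.{payload_b64}.{sig}"


def check(token: str, key: bytes) -> str:
    """Run the verifier and report the outcome as a string."""
    try:
        verify_hs256(token, key)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    good = sign_hs256({"sub": "alice"}, KEY)
    print("valid token:      ", check(good, KEY))
    print("alg none:         ", check(tamper_alg(good, "none"), KEY))
    print("alg RS256:        ", check(tamper_alg(good, "RS256"), KEY))
    print("weak key 'secret':", check(good, b"secret"))
```

Running the script shows the genuine token accepted and the three tampered or weak-key cases rejected, each with the reason the verifier gives. The design point is that the token header is treated as data to be checked against the server's configuration, never as an instruction about how to verify.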
## Tools
* [jwt-hack](https://github.com/hahwul/jwt-hack)
## Reference
- [Hacking JSON Web Token (JWT)](https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6)