JWT Authentication Bypass via jwk Header Injection

Published: 03 July 2023
Channel: Intigriti

👩‍🎓👨‍🎓 Learn about JSON Web Token (JWT) vulnerabilities. In this lab, the server supports the jwk (JSON Web Key) parameter in the JWT header, which is sometimes used to embed the correct verification key directly in the token. However, the server fails to check whether the provided key came from a trusted source. To solve the lab, we'll modify and sign a JWT that provides access to the admin panel, then delete the user carlos.
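
The missing trust check described above, sketched from the server's side as an added example (not code from the video or the linked scripts). It covers the key-selection step that precedes signature verification; `select_verification_key`, `TRUSTED_KEYS` and the sample keys are hypothetical names and constructed values.

```python
import base64
import hashlib
import json


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint of an RSA JWK (required members only)."""
    required = {name: jwk[name] for name in ("e", "kty", "n")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url_encode(hashlib.sha256(canonical.encode()).digest())


# Constructed sample keys: the moduli are filler bytes, not real RSA keys.
SERVER_JWK = {"kty": "RSA", "e": "AQAB", "kid": "server-key-1",
              "n": b64url_encode(b"\x01" * 256)}
FOREIGN_JWK = {"kty": "RSA", "e": "AQAB", "kid": "server-key-1",
               "n": b64url_encode(b"\x02" * 256)}
TRUSTED_KEYS = {jwk_thumbprint(SERVER_JWK): SERVER_JWK}


def make_token(header: dict) -> str:
    """Build a constructed sample token; the signature part is a dummy."""
    parts = (json.dumps(header).encode(), b'{"sub":"user"}', b"sig")
    return ".".join(b64url_encode(part) for part in parts)


def select_verification_key(token: str) -> dict:
    """Return the trusted JWK to verify with; never a key taken from the token."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    if "jwk" in header:
        # An embedded key is only a hint: it must match a key already trusted.
        try:
            trusted = TRUSTED_KEYS.get(jwk_thumbprint(header["jwk"]))
        except (KeyError, TypeError):
            raise ValueError("malformed jwk") from None
        if trusted is None:
            raise ValueError("untrusted embedded jwk")
        return trusted
    for key in TRUSTED_KEYS.values():
        if key["kid"] == header.get("kid"):
            return key
    raise ValueError("unknown kid")
```

`FOREIGN_JWK` reuses the server's `kid` on purpose: a matching identifier does not make an embedded key trusted, only a matching thumbprint does.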

Overview:
0:00 Intro
0:13 Recap
0:38 JWT header parameter injections
1:30 Injecting self-signed JWTs via the jwk parameter
2:17 Symmetric vs asymmetric algorithms
3:40 JWT Editor extension (Burp)
4:26 Lab: JWT authentication bypass via jwk header injection
5:43 Solution #1: Python
8:59 Solution #2: Burp Suite
10:34 Solution #3: jwt_tool
13:18 Conclusion

If you're struggling with the concepts covered in this lab, please review the Introduction to JWT Attacks video first 🧠
For more information, check out https://portswigger.net/web-security/jwt

🔗 Portswigger challenge: https://portswigger.net/web-security/...

🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register

👾 Join our Discord - https://go.intigriti.com/discord

🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti

👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com

🐍 Python scripts demonstrated in this series can be found here: https://github.com/Crypto-Cat/CTF/tre...