JWT

Structure

• Header : Info about algorithm and content
• Payload : Content
• Signature : Deserve his name

Common Attacks

Missing sign verif

So if a part of the permission are in the Payload we can just edit its content and remove the signature part after generating the JWT with “None”.

Secret recovery

If the sign algorithm is HS256 or HS384 or HS512 it’s vulnerable and can be exploit with Hashcat.

hashcat -m 16500 [file with jwt] [wordlist] 
> then
hashcat -m 16500 [file with jwt] [wordlist] --show

Algorithm Confusion

We can force the verification algorithm and go from RS256 (Asymmetric) to HS256 (Symmetric) so the public key will be used for both generation and verification.

We just need 2 JWT with the same key then we can use this script :

python3 jwt-forgery.py [JWT1] [JWT2]

and the program will give us the corresponding PUBKEY so we can build the new JWT with the corresponding secret and algorithm on this site

Other notes

JWK Misconfiguration

If the server doesn’t just use the given JWK for verification without further check we may just build our own JWT with our PRIV+PUB couple and it will work.

JWK Reuse

Sometimes the same key is use for different website with different security configuration.

Ressources

• CyberChef
• JWT.io
• JWT Tool

Glossary

• JWT : JSON Web Token
• JWK : JSON Web Key : A field of JWT header containing pubkey information.
• JKU : JWK set Url : A field of JWT header containing URI that refers to a JSON of JWTs.