JWT

What is a JWT Token

A JWT (JSON Web Token) is a compact, URL-safe token used to transmit claims between parties as a JSON object. It consists of a header, a payload, and a signature (each base64url-encoded and separated by dots); the signature is what lets the receiver trust the claims. JWTs are commonly used for authentication and data exchange in web applications.


Attack Vectors

# JWT without signature verification

- Send the request to Repeater and make sure it contains a JWT.
- Open the "Json Web Token" tab inside Repeater.
- In the first section (the header), change "alg" to "none" ("alg": "none").
- Remove the signature.
- Modify the payload to include the desired changes.
- Send the request.

----------------------------------------------------------------------------------
# JWT Forge Signature ---> NO PUB KEY

If you don't have the public key, you can still craft your own key for the JWT token.

- More info

----------------------------------------------------------------------------------
# JWT Forge Signature ---> HAVE PUB KEY

- Get the public key.
- Select the signature algorithm (RS256 or HS256).
- Change the information in the JWT payload (data).
- Use the following website: https://www.devglan.com/online-tools/hmac-sha256-online
	- Insert the header and data as the "plain text to compute hash".
	- Insert the public key inside "Secret Key".
	- Compute the hash with base64 output.
- Add the new signature to the JWT together with the modified information.
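
As an added example (not part of the original note and not taken from any tool the note references), here is the verifier-side counterpart to both the "alg: none" vector and the public-key-as-HMAC-secret vector above, written in Python with only the standard library. The point it demonstrates is that the server pins the algorithm in configuration and never lets the token header choose the key or the check, rejects an empty signature, and compares signatures in constant time. The secret and the claims are constructed for the demo; HS256 is the only algorithm this verifier is configured for, so for an RS256 deployment the same pinning logic applies with an RSA signature check from a crypto library in place of the HMAC branch. The triage helper is a separate detection aid for reviewing tokens seen in logs.

```python
import base64
import hashlib
import hmac
import json

# Algorithms the server is willing to verify. "none" is deliberately absent and
# the set is fixed here, never derived from anything inside the token.
SUPPORTED_ALGS = {"HS256"}


def b64url_decode(segment):
    """Decode base64url (RFC 7515), restoring the '=' padding JWTs strip."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs256(payload, secret):
    """Issue an HS256 token; used here only to build the demo's sample tokens."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header}.{body}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def verify_jwt(token, expected_alg, key):
    """Verify `token` and return its claims, or raise ValueError.

    `expected_alg` comes from server configuration. The header must match it
    exactly, so neither "none" nor an RS256/HS256 swap can change which key
    material or which check is used.
    """
    if expected_alg not in SUPPORTED_ALGS:
        raise ValueError(f"verifier not configured for {expected_alg!r}")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("undecodable header") from exc
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    # Exact, case-sensitive comparison: "none", "None" and "hs256" all fail here.
    if header.get("alg") != expected_alg:
        raise ValueError(f"algorithm mismatch: header says {header.get('alg')!r}")
    if not sig_b64:
        raise ValueError("missing signature")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected_sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))


def is_accepted(token, expected_alg, key):
    """Boolean wrapper around verify_jwt for quick checks."""
    try:
        verify_jwt(token, expected_alg, key)
        return True
    except ValueError:
        return False


def triage_header(token, expected_alg):
    """Classify a token by its unverified header, for log review only.

    Returns one of: "malformed", "alg_none", "alg_mismatch", "unsigned",
    "expected_alg". This is a detection aid, not a substitute for verify_jwt().
    """
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    try:
        header = json.loads(b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError):
        return "malformed"
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg is None or str(alg).lower() == "none":
        return "alg_none"
    if alg != expected_alg:
        return "alg_mismatch"
    if parts[2] == "":
        return "unsigned"
    return "expected_alg"


if __name__ == "__main__":
    # Constructed demo secret and claims.
    secret = b"constructed-demo-secret"
    good = sign_hs256({"sub": "alice", "role": "user"}, secret)
    print("legitimate token accepted:", is_accepted(good, "HS256", secret))
    h, p, s = good.split(".")
    unsigned = b64url_encode(b'{"alg":"none","typ":"JWT"}') + "." + p + "."
    print("alg=none token accepted:", is_accepted(unsigned, "HS256", secret))
    print("triage:", triage_header(unsigned, "HS256"))
```

In a real service the `expected_alg` and `key` arguments come from configuration loaded at startup, and `triage_header` would run over the `Authorization` values in access logs to surface "alg_none" and "alg_mismatch" tokens as alerts before anyone looks at whether they were accepted.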