JWT Authentication Bypass via jwk Header Injection

Intigriti

👩‍🎓👨‍🎓 Learn about JSON Web Token (JWT) vulnerabilities. The server supports the jwk (JSON Web Key) parameter in the JWT header. This is sometimes used to embed the correct verification key directly in the token. However, it fails to check whether the provided key came from a trusted source. To solve the lab, we'll modify and sign a JWT that provides access to the admin panel, then delete the user carlos.
Overview:
0:00 Intro
0:13 Recap
0:38 JWT header parameter injections
1:30 Injecting self-signed JWTs via the jwk parameter
2:17 Symmetric vs asymmetric algorithms
3:40 JWT Editor extension (burp)
4:26 Lab: JWT authentication bypass via jwk header injection
5:43 Solution #1: python
8:59 Solution #2: burp suite
10:34 Solution #3: jwt_tool
13:18 Conclusion
If you're struggling with the concepts covered in this lab, please review the Introduction to JWT Attacks video first: • Introduction to JWT At... 🧠
For more information, check out portswigger.net/web-security/jwt
🔗 Portswigger challenge: portswigger.net/web-security/...
🧑‍💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com
🐍 Python scripts demonstrated in this series can be found here: github.com/Crypto-Cat/CTF/tre...
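
The flaw described above, seen from the verifier's side, as an added example (not code from the video or the linked scripts): the key-selection step of a server that never takes its verification key from the token. The trust store contents, key ID and function names are constructed for illustration, and the returned key would then be handed to a JWT library's signature check.

```python
import base64
import json

# Constructed trust store: kid -> public JWK pinned in server configuration.
TRUSTED_KEYS = {"prod-2024": {"kty": "RSA", "e": "AQAB", "n": "<pinned modulus>"}}
ALLOWED_ALGS = {"RS256"}
# Header parameters through which a token can nominate its own verification key.
KEY_BEARING_PARAMS = ("jwk", "jku", "x5u", "x5c")


class UntrustedKeyError(ValueError):
    """The token asked to be verified with a key the server never pinned."""


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_header(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JWT header is not a JSON object")
    return header


def select_verification_key(token: str, trusted=TRUSTED_KEYS) -> dict:
    """Return the pinned key for this token, or raise before any signature check."""
    header = parse_header(token)
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise UntrustedKeyError(f"algorithm not allowed: {alg!r}")
    offered = [p for p in KEY_BEARING_PARAMS if p in header]
    if offered:  # strict policy (an assumption): reject rather than silently ignore
        raise UntrustedKeyError(f"token supplies its own key via {offered}")
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in trusted:
        raise UntrustedKeyError(f"unknown key id: {kid!r}")
    return trusted[kid]


def sample_token(header: dict) -> str:
    """Constructed, unsigned sample input: only the header matters to this check."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'user'})}.c2ln"
```
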

Comments: 25
@g30rgyth3d4rk 11 months ago
Really cool 💥❤‍🔥 I didn't know of this attack. I have learned something to add to my thought process 😊.
@intigriti 11 months ago
Awesome! 👏
@melegritojoel 11 months ago
Nice work
@intigriti 11 months ago
Thank you! 😊
@bugbountyicodeidc981 11 months ago
good work
@intigriti 11 months ago
Thank you! 🙂
@MichaelCooter 11 months ago
Great stuff
@intigriti 11 months ago
🙏🥰
@logan0x 10 months ago
why the tampered jwt has the jwk parameter set with all its claims but the original one does not have
@intigriti 9 months ago
Hey, can you timestamp the section of the video so I can review? 😁
@logan0x 9 months ago
@intigriti at 5:15 when you decoded the jwt it shows that there is a "kid" claim in the header, but at 10:24 you embedded the whole "jwk" parameter not just the new "kid"
@anonymousvevo8697 1 month ago
nice video, just small remark if you may, the sound quality makes it a bit complicated to follow along with the explanations
@intigriti 1 month ago
Thanks! Can you be more specific on the sound quality? This is the first comment I've seen to say it's bad, most comments talk about how clear and crisp it is 😕
@anonymousvevo8697 1 month ago
@intigriti I never said your video is bad nor I meant a bad comment, it's just when you start most of your sentences the first two-three words get cut, I don't know if it's just me? But thanks for the efforts, really appreciate it
@intigriti 1 month ago
No problem! 🥰 I just want to try and confirm if there's an issue.. I haven't noticed that before or had any similar reports. Can you give me a timestamp as an example so I can check? Maybe also test with another device if possible 🙏
@anonymousvevo8697 1 month ago
@intigriti Yes you are right, I've tried using my phone, only on my laptop, it comes from me, idk why. Thanks anyway for the reply, wish you best of luck
@felipesilva3862 11 months ago
Method with Burp this error for me, The signature key was not found, Please help me? i pad!
@intigriti 11 months ago
Hey, please double check the video - it was recorded recently so unlikely anything has changed!
@felipesilva3862 11 months ago
@intigriti Could you give me a way to contact you directly, I'll pay!
@mohmino4532 11 months ago
nice work and can u give us that script plz 😊
@intigriti 11 months ago
Added the scripts here, so you can follow along 😉 github.com/Crypto-Cat/CTF/tree/main/web/WebSecurityAcademy/jwt
@mohmino4532 11 months ago
@intigriti thanks ❤
@Prince-zu5uj 11 months ago
Hi Sir, how to exploit php 8.2.0?
@intigriti 11 months ago
Hi there! Best thing is to check CVE databases and vuln scanners e.g. snyk to see what known vulnerabilities exist. Next, look at the specific details for those vulns to find out what the requirements are, and whether they are exploitable in your specific scenarios. Couple of links: www.tenable.com/plugins/nessus/168500 + vulners.com/nessus/WEB_APPLICATION_SCANNING_113581 but bear in mind that newer versions of PHP are less likely to be vulnerable, often you'll be better off focusing on application specific implementation, e.g. look for vulnerabilities in the code/features of the website, rather than the underlying libraries.
@Prince-zu5uj 11 months ago
@intigriti thanks 🙏