Skip to main content

Testing, tweaking and cracking JSON Web Tokens (JWT)

What is JSON Web Token?

JWT (JSON Web Token) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

In this post, we will see how to test, tweak, and try to crack JWTs. There are few open-source libraries that we can use. One such utility is https://github.com/ticarpi/jwt_tool which is a toolkit for testing, tweaking, and cracking JSON Web Tokens.

This tool is written in Python 3 (version 3.6+).

Its functionality includes:

  • Checking the validity of a token
  • Testing for known exploits:
  • (CVE-2015–2951) The  signature-bypass vulnerability
  • (CVE-2016–10555) The  public key mismatch vulnerability
  • (CVE-2018–0114)  vulnerability
  • Scanning for misconfigurations or known weaknesses
  • Fuzzing claim values to provoke unexpected behaviors
  • Testing the validity of a secret/key file/Public Key/JWKS key
  • Identifying  via a High-speed 
  • Forging new token header and payload contents and creating a new signature with the key or via another attack method
  • Timestamp tampering
  • RSA and ECDSA key generation, and reconstruction (from JWKS files)
  • …and lots more!

You can visit the repository on github and get the instructions on github.

Happy Coding!!!

Labels:

Comments

Post a Comment

Popular posts from this blog

How to mine pancake swap using your Laptop/Desktop

In this post, we will talk about how you can mine pancake swap using your laptop or desktop. What is pancake swap you ask? Pancakeswap is a decentralizaed DEX where you can Trade, earn, and win crypto on the most popular decentralized platform in the galaxy, you can Trade any token on Binance Smart Chain in seconds and you can earn passive income with your CAKE tokens. You can read more about it from  https://pancakeswap.finance/ Get Started! Step I: Getting a crypto wallet You can start with  Metamask  as a crypto wallet. Go ahead and download the Metamask as a chrome extension. Download Link:  https://metamask.io/download.html Once installed let's set up the Metamask account. Metamask Get Started Screen Click on  Get Started  button, and you should see the following screen. Metamask create wallet screen Click on  Create a Wallet  button. Metamask I Agree Screen Click on  I Agree  button. Metamask create password Provide a strong passwo...
5 comments
Read more

Visualising Your Google Location History

Step 1: Download Your Google Location History First, you need to download your location history data from Google. Follow these steps to get started: Go to Google Takeout : Visit Google Takeout to begin the process. Select Location History (Timeline) : Make sure to select the “Location History (Timeline)” option. 3. Export Your Data : Google will compile your data, which might take some time. You will receive an email once your data is ready to be downloaded. 4. Download the Data : Follow the instructions in the email to download your data. Step 2: Extract the Downloaded File Once you’ve downloaded your data, locate the file and extract it. The location data will be in a JSON file at the following path: takeout-202XXXXXTXXXXXXZ-001/Takout/Location History (Timeline)/Records.json Step 3: Convert JSON to CSV To make the location data usable, we need to convert it from JSON to CSV format. Although you can convert it to KML or geoJSON formats, we’ll focus on CSV for this post. 1.  Clon...
Post a Comment
Read more

Unleashing the Power of Personal Photo Management with PhotoPrism

As an avid photographer and a lover of memories, I've always struggled with managing and organizing my ever-growing collection of digital photos. It was a constant battle to find specific photos, especially as I often forget to tag or rename them. That's when I stumbled upon PhotoPrism , a powerful open-source photo management tool that has revolutionized the way I interact with my photo library. In this blog post, I'll guide you through the process of installing and using PhotoPrism, sharing my personal use cases along the way. Whether you're a professional photographer, a hobbyist, or simply someone passionate about preserving memories, PhotoPrism is a game-changer. Getting Started To start our journey with PhotoPrism, the first step is to install it. Head over to the official repository on GitHub and follow the installation instructions provided there. Don't worry, the installation process is well-documented and straightforward, making it accessible even for no...
3 comments
Read more