JWT Authentication Bypass via jwk Header Injection

preview_player
Показать описание
👩‍🎓👨‍🎓 Learn about JSON Web Token (JWT) vulnerabilities. The server supports the jwk (JSON Web Key) parameter in the JWT header. This is sometimes used to embed the correct verification key directly in the token. However, it fails to check whether the provided key came from a trusted source. To solve the lab, we'll modify and sign a JWT that provides access to the admin panel, then delete the user carlos.

Overview:
0:00 Intro
0:13 Recap
0:38 JWT header parameter injections
1:30 Injecting self-signed JWTs via the jwk parameter
2:17 Symmetric vs asymmetric algorithms
3:40 JWT Editor extension (burp)
4:26 Lab: JWT authentication bypass via jwk header injection
5:43 Solution #1: python
8:59 Solution #2: burp suite
10:34 Solution #3: jwt_tool
13:18 Conclusion

  1. Intigriti
  2. jwk
  3. header
  4. json web key
  5. json web token
  6. JWT
Рекомендации по теме
JWT authentication bypass 0:04:15

JWT authentication bypass via jwk header injection | PortSwigger Academy tutorial

JWT Authentication Bypass 0:14:02

JWT Authentication Bypass via jwk Header Injection

JWT authentication bypass 0:01:28

JWT authentication bypass via jwk header injection

JWT authentication bypass 0:04:33

JWT authentication bypass via jwk header injection

JWT authentication bypass 0:02:50

JWT authentication bypass via jwk header injection

JWT authentication bypass 0:03:06

JWT authentication bypass via jwk header injection

JWT Attacks #4 0:05:52

JWT Attacks #4 - JWT authentication bypass via jwk header injection

JWT Authentication bypass 0:06:36

JWT Authentication bypass via jwk Header Injection || LAB || Full Explanation (in HINDI)

Lab: JWT authentication 0:09:49

Lab: JWT authentication bypass via jwk header injection

Portswigger Web Academy 0:04:42

Portswigger Web Academy JWT: JWT authentication bypass via jwk header injection #131

JWT authentication bypass 0:02:33

JWT authentication bypass via jwk header injection

Web Security Academy 1:28:11

Web Security Academy | JWT | 4 - JWT Authentication Bypass Via Jwk Header Injection

22.4 Lab: JWT 0:03:41

22.4 Lab: JWT authentication bypass via jwk header injection - Karthikeyan Nagaraj | 2024

Portswigger Lab: JWT 0:04:02

Portswigger Lab: JWT authentication bypass via jwk header injection

JSON Web Token 0:06:32

JSON Web Token Vulnerability - Portswigger | JWT authentication bypass via jwk header injection #4

JSON Web Token 0:03:24

JSON Web Token Attacks: LAB #4 By PortSwigger - JWT Authentication Bypass Via JWK Header Injection

JWT authentication bypass 0:03:28

JWT authentication bypass via jku header injection

JWT authentication bypass 0:02:51

JWT authentication bypass via weak signing key

JWT Authentication Bypass 0:13:40

JWT Authentication Bypass via jku Header Injection

PortSwigger - JWT 0:03:02

PortSwigger - JWT authentication bypass via jwk header injection | Quick Solution

JWT authentication bypass 0:08:10

JWT authentication bypass via jwk header injection | JWT Attacks | PortSwigger

Hacking JWT Authentication 0:15:57

Hacking JWT Authentication Bypass Via JWK Header Injection - Mengambil Alih Fungsi Administrator

JWT Authentication Bypass 0:12:35

JWT Authentication Bypass via Weak Signing Key

JWT authentication bypass 0:30:10

JWT authentication bypass via jwk header injection - PT/BR

Комментарии
Автор

why the tempered jwt has the jwk parameter set with all it's claims but the original one does not have

loganx
Автор

Really cool 💥❤‍🔥 i didn't know of this attack. I have learned something to add to my thought process😊.

grgythdrk
Автор

nice video, just small remark if you may, the sound quality makes it a bit complicated to follow along with the explanations

anonymousvevo
Автор

Method with Burp this error for me, The signature key was not found, Please help me?i pad!

felipesilva
Автор

nice work and can u give us that script plz 😊

mohmino