JSON Web Token Attacks: LAB #6 - JWT Authentication Bypass Via kid Header Path Traversal

  • Published: 15 Nov 2024
  • #portswigger #websecurity #JSON #solution
    Walkthrough videos regarding the solutions of the lab "JWT Authentication Bypass Via Unverified Signature" of "JWT Attacks" section of Web Security Academy made by PortSwigger.
    Link: portswigger.ne...
    In particular, by intercepting the request and tampering with the JSON Web Token in a proxy, in this case Burp Suite Professional or Burp Suite Community Edition, you will be able to access the administrator user.
    Currently, I'm doing the Web Security Academy made by PortSwigger.
    In this type of video, I will focus on some labs.
    This is one of several videos of this kind.
    Enjoy, and please leave a like and subscribe.
    About Me:
    Bachelor's Degree in Computer Engineering at Università Degli Studi Roma Tre
    Burp Suite Certified Practitioner (BSCP)
    eLearnSecurity Web Application Penetration Tester (eWPT)
    eLearnSecurity Web Application Penetration Tester eXtreme (eWPTx)
    Red Hat Certified System Administrator (RHCSA)
    Social networks:
    / emanuele-picariello-52...
    / emanuelepicari5
    If you liked the content, subscribe to my channel:
    / @emanuelepicariello
    Disclaimer: Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.

Comments • 20

  • @emanuelepicariello 2 years ago

    Please Leave A Like And Eventually Subscribe

  • @acronproject 1 year ago +1

    very good thanks

  • @xoro163 2 years ago +1

    can you make a video explaining the usage of all the header parameters like kid, k, n, e, ...

    • @emanuelepicariello 2 years ago

      Hi XORO,
      Those parameters represent the JWK (JSON Web Key) as a JSON object.
      kid is the unique identifier for the key
      n is the modulus of the RSA public key
      e is the exponent of the RSA public key
      Right now I have other tasks on my plate; I don’t think I’ll make a video on this topic.
      But I can suggest some resources for a deeper understanding, if you want:
      auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-set-properties
      tools.ietf.org/html/rfc7518#page-30
      portswigger.net/web-security/jwt
      I hope this helps you
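The JWK fields described in the reply above, shown in a worked example added here (it is not code from the video, from the JWT Editor extension or from PortSwigger): a constructed JWKS with one toy RSA key, decoding of n and e from their base64url form into integers as RFC 7518 specifies, and a kid lookup that treats the identifier as an opaque label to compare against the trusted key set rather than as a file path, which is the server-side pattern that closes the traversal issue this lab is about. The key set, the kid value "key-2024-11", the toy modulus 3233 and all function names are constructed for the example.

```python
import base64
import json

# Constructed JWKS (JSON Web Key Set) for the example, not taken from the lab.
# "n" and "e" are base64url-encoded big-endian unsigned integers (RFC 7518):
# here the textbook toy modulus 3233 = 61 * 53 ("DKE") and exponent 65537 ("AQAB").
JWKS_JSON = json.dumps({
    "keys": [
        {"kty": "RSA", "kid": "key-2024-11", "use": "sig", "alg": "RS256",
         "n": "DKE", "e": "AQAB"}
    ]
})


def b64url_decode(data: str) -> bytes:
    """Decode unpadded base64url, the encoding used inside JWKs and JWTs."""
    pad = "=" * (-len(data) % 4)
    return base64.urlsafe_b64decode(data + pad)


def b64url_encode(raw: bytes) -> str:
    """Encode bytes as unpadded base64url (used here to build a token header)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def jwk_to_rsa_numbers(jwk: dict) -> tuple[int, int]:
    """Return (n, e) as Python integers from an RSA JWK."""
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA key")
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    return n, e


def find_key_by_kid(jwks_json: str, kid: str) -> dict:
    """Select a verification key by kid from a trusted, already-loaded JWKS.

    kid is only ever compared against the identifiers in the set; it is never
    joined onto a directory, a query or a URL. A kid that names no key in the
    set is rejected, whatever characters it contains, so an attacker cannot
    steer the server towards a file of their choosing.
    """
    keys = json.loads(jwks_json)["keys"]
    for k in keys:
        if k.get("kid") == kid:
            return k
    raise LookupError("unknown kid")


def key_for_token(jwks_json: str, token: str) -> tuple[int, int]:
    """Parse the JWT header, pin the expected alg, and pick the key by kid.

    Only the header is parsed here; verifying the signature with the returned
    numbers is the next step and is out of scope for this example.
    """
    header_b64 = token.split(".")[0]
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm server-side instead of trusting the token's alg field.
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    jwk = find_key_by_kid(jwks_json, header.get("kid", ""))
    return jwk_to_rsa_numbers(jwk)


if __name__ == "__main__":
    # Constructed header; the payload and signature parts are placeholders.
    hdr = b64url_encode(b'{"alg":"RS256","kid":"key-2024-11"}')
    print(key_for_token(JWKS_JSON, hdr + ".e30.sig"))
```

Lookup by exact match against a loaded key set is the cheap fix; a stricter variant also rejects a kid that does not match a known pattern before the lookup, which gives a clean log signal when a malformed kid arrives.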

  • @jaswanth5673 2 years ago +3

    I tried to self-sign the JWT with a symmetric key using the JWT Editor extension; when I clicked OK to complete the signing, it didn't work. Solutions are welcomed :)

    • @emanuelepicariello 2 years ago +1

      Hi Jaswanth,
      When are you getting the error? During the signing?
      Did you generate the signing key following the steps shown in the video?
      From my side I’d like to help you, but please be more detailed :)

    • @jaswanth5673 2 years ago +1

      @emanuelepicariello Thank you for your reply. I made the necessary changes in the JWT body as suggested, and after generating the symmetric key and adding a null byte at k, I went to sign. When I clicked as usual it showed the popup, and when I clicked OK the dialogue box stayed still. But when I tried with an RSA key the signing was successful. Just not sure why signing doesn’t work when a symmetric key is used :(

    • @emanuelepicariello 2 years ago +1

      @jaswanth5673 Things I’m thinking of right now that you could have gotten wrong, maybe: insert more “../../” escape characters and check the alg field, whether it is set to HS256.
      Also take a look at sub, whether it is equal to administrator.
      Lastly, when signing with the key, remember to choose “don’t modify header”.
      Let me know if you’ll be able to.

    • @jaswanth5673 2 years ago +1

      It’s an issue with Burp

    • @emanuelepicariello 2 years ago

      @jaswanth5673 Maybe, but I suggest you retry in the next few days; some lab instances, sometimes, could have been deployed with some error.
      Try to follow the last steps taken in this video one more time, if you want, and let me know.
      I hope I helped you somehow.