JWT Attack Suite
$59.99
Suite of attacks against vulnerable JWT implementations:
- None algorithm — Changes the algorithm to "none" and removes the signature. Works on implementations that do not validate the algorithm.
- Key confusion (RS256→HS256) — Switches from RS256 to HS256 and signs with the RSA public key as the HMAC secret.
- Secret brute force — Brute-forces the HMAC secret with a wordlist optimized for JWT (jwt-secrets.txt included).
- KID injection — Injection in the "kid" field of the header: path traversal to /dev/null, SQL injection, command injection.
- JKU/X5U spoofing — Points jku/x5u at your server with your own public key to sign arbitrary tokens.
- Claim tampering — Modifies claims (sub, role, admin, exp) and re-signs with the technique that works.
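
The verifier-side checks that defeat the token manipulations listed above, as an added Python example (not part of the product or the original page). The key store, the `demo-key-1` kid, the secret and the function names are constructed for illustration; a service that issues RS256 tokens would pin RS256 in the same way.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key store. A kid is only ever a lookup key in this map,
# never a file path, SQL fragment or shell argument.
KEYS = {"demo-key-1": b"constructed-demo-secret-use-32-random-bytes"}
PINNED_ALG = "HS256"  # the verifier, not the token header, chooses the algorithm

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(header, claims, key):
    """Build a constructed sample token (hypothetical helper for the demo)."""
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    return body + "." + b64url_encode(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify(token, now=None):
    """Return the claims if every check passes, otherwise raise ValueError."""
    try:
        h64, c64, s64 = token.split(".")
        header, sig = json.loads(b64url_decode(h64)), b64url_decode(s64)
    except Exception:
        raise ValueError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != PINNED_ALG:
        raise ValueError("unexpected alg")              # none / algorithm switch
    if any(k in header for k in ("jku", "x5u", "jwk")):
        raise ValueError("token-supplied key refused")  # keys come from KEYS only
    kid = header.get("kid")
    key = KEYS.get(kid) if isinstance(kid, str) else None
    if key is None:
        raise ValueError("unknown kid")                 # allowlist, no interpretation
    expected = hmac.new(key, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")               # tampered claims fail here
    claims = json.loads(b64url_decode(c64))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
        raise ValueError("expired or missing exp")
    return claims
```

The secret in `KEYS` stands in for a randomly generated key of at least 32 bytes; a wordlist search only succeeds against guessable secrets.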