View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007022 | Kali Linux | [All Projects] Queued Tool Addition | public | 2021-01-31 17:00 | 2023-02-20 08:59 |
Reporter | DontPanicO | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | acknowledged | Resolution | open | ||
Product Version | |||||
Target Version | Fixed in Version | ||||
Summary | 0007022: jwtXploiter - test security of JSON Web Tokens | ||||
Description |
name: jwtXploiter
version: 1.0
homepage: https://githbub.com/DontPanicO/jwtXploiter
wiki: https://githbub.com/DontPanicO/jwtXploiter/wiki
download: https://github.com/DontPanicO/jwtXploiter/releases/tag/v1.0
download: https://pypi.org/project/jwtxploiter/
author: DontPanicO
licence: GPL-3.0
description: A command line interface to test security of JWTs against all known CVEs and more
- Tamper with the token payload, change claims and subclaims values.
- Exploit known vulnerable header claims (kid, jku, x5u)
- Verify a token
- Retrieve the public key of your target's ssl connection and try to use it in a key confusion attack with one option only
- All JWAs supported (HS*, RS*, PS*, ES*)
- Generates a JWK and inserts it in the token header
- And much, much more!
dependencies: python3 (3.7 or newer)
python dependencies: cryptography==3.2.1
activity: actively maintained
installation: pip install, rpm package (provided by latest release on github)
how to use: this tool covers a lot of use cases, and all are well explained in the wiki. Here I just provide some basics.
- jwtxpl <token> -d # decode a token
- jwtxpl <token> -a None -p <claim_name>:<new_value> # Try alg none and change a payload claim issuing new_value
- jwtxpl <token> -a hs256 -p user:admin -k /path/to/key # Use JWA HS256, change payload, and sign token with a key
- jwtxpl <token> -a hs256 -p user:admin --unverified # Try to reuse original signature
- jwtxpl <token> -a hs256 --inject-kid sqli # Try an sqli payload against the kid header
- jwtxpl <token> -a rs256 --jku-basic <yourURL> # Try to make the jku pointing to your jwks (automatically generated)
- jwtxpl <token> -a es384 -V /path/to/key # Verify the signature using JWA ES384 and the key passed to -V
packaged: The tool does not have a .deb yet, but I'm working on it.
|
Debian package has been provided. It can be found on GitHub, provided with the tool's latest release. |
|
Hello - thanks for the submission @DontPanicO. Where's the Debian package? |
|
@kali-team, please could this be packaged up. |
|
@g0tmi1k here --> http://andreatedeschi.uno/jwtxploiter/jwtxploiter_1.2.1-1_all.deb |
|
I am eager to work with each of the programs; I like technology.
Date Modified | Username | Field | Change |
---|---|---|---|
2021-01-31 17:00 | DontPanicO | New Issue | |
2021-02-02 16:24 | DontPanicO | Note Added: 0014192 | |
2021-03-05 13:14 | g0tmi1k | Note Added: 0014272 | |
2021-03-05 13:31 | g0tmi1k | Status | new => acknowledged |
2021-03-05 13:31 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition |
2021-03-05 13:31 | g0tmi1k | Note Added: 0014282 | |
2021-03-06 20:34 | DontPanicO | Note Added: 0014287 | |
2022-05-04 12:58 | g0tmi1k | Summary | jwtXploiter, a tool to test security of JSON Web Tokens => jwtXploiter - test security of JSON Web Tokens |
2023-02-20 08:59 | Kenneths28 | Note Added: 0017536 |