JWT authentication bypass via unverified signatures | We can change the token contents directly from the JSON editor extension and manipulate the requests
JWT authentication bypass via none signature | Set the signing algorithm (`alg`) to none and remove the signature part of the JWT, leaving only the trailing dot
JWT authentication bypass by weak signing key | We can use hashcat with the default wordlists present in the wordlists section
JWT header injection | Use our own RSA keys generated by the JSON Editor Extension
JKU header injection attack | Create the RSA key -> copy as JWK and paste it to the exploit server, and sign the same in the request
JWT attack via path traversal | Generate a symmetric key, set key = null, and add the directory traversal path in the kid parameter
Check for the endpoint /jwks.json, make an RSA key from that key set, copy the public key as PEM and base64-encode it, then generate a symmetric key with the k parameter set to the generated key string and sign the request.
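The server-side checks that close the bypasses listed above, as an added defender-side example (not code from the original page or from any library). It assumes a service that only issues HS256 tokens; `KEYS`, `MIN_KEY_BYTES`, `sign_hs256` and `verify` are hypothetical names, and the key value is constructed.

```python
import base64, hashlib, hmac, json

# Constructed key store: kid -> secret. Keys are looked up here by exact match,
# never loaded from a path, URL or key carried in the token (assumed names).
KEYS = {"k1": b"constructed-example-secret-0123456789abcdef"}
MIN_KEY_BYTES = 32  # RFC 7518 requires at least 256 bits of key for HS256

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(header: dict, claims: dict, key: bytes) -> str:
    """Helper that builds constructed tokens for exercising verify()."""
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64url_encode(sig)

def verify(token: str) -> dict:
    """Return the claims, or raise ValueError for any token that is not
    HS256-signed with a key from KEYS."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("missing signature")        # trailing-dot tokens
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("algorithm not allowed")    # none, RS256, case variants
    if "jwk" in header or "jku" in header:
        raise ValueError("token-supplied keys are not trusted")
    kid = header.get("kid")
    key = KEYS.get(kid) if isinstance(kid, str) else None
    if key is None or len(key) < MIN_KEY_BYTES:
        raise ValueError("unknown kid or weak key")  # traversal paths never match
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")            # edited payload or wrong key
    return json.loads(b64url_decode(parts[1]))
```

The algorithm is pinned on the server rather than read from the token, so a token cannot choose how, or with which key, it is verified.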