SlideShare a Scribd company logo

JWT: jku x5u

S
snyff

The document discusses vulnerabilities in JSON Web Tokens (JWT). It begins by introducing JWTs and their typical uses. It then covers the JWT format and components like the header, payload, and signature. Various signing algorithms are presented. Attacks like open redirects, header injection, and algorithm downgrades are demonstrated through abusing the "jku" and "x5u" parameters. Recommendations are provided like using strong keys, reviewing libraries, enforcing algorithms, and testing for vulnerabilities. In conclusion, JWTs are complex and insecure by design, so careful implementation and testing is needed.

1 of 58
Downloaded 310 times
JWT jku&x5u = ❤ Attacking JSON WEB TOKENS… Louis Nyffenegger @PentesterLab louis@pentesterlab.com
About me PentesterLab.com / @PentesterLab Security Engineer PentesterLab: Pentester/Code Reviewer/Security consultant/Security architect Platform to learn web security/penetration testing 100% Hands-on Available for individuals (free and PRO) and enterprises Run a website to help people learn security
Who uses JWT? PentesterLab.com / @PentesterLab • A lot of people for OAuth2 • A lot of people for sessions • A lot of people to manage trust • A lot of people for password reset • A lot of people who care about being stateless and multi-datacenter architecture
Crypto 101
Signature vs Encryption PentesterLab.com / @PentesterLab Encryption gives you confidentiality Signature gives you integrity
Multiple ways of signing PentesterLab.com / @PentesterLab • With a secret using HMAC • With a private key using RSA/EC/… (asymmetric)
Signing with a secret PentesterLab.com / @PentesterLab Sign! Verify! Secret
Signing: asymmetric PentesterLab.com / @PentesterLab Sign! PrivatePublic Verify!
THE JWT FORMAT
JavaScript Object Notation (JSON) PentesterLab.com / @PentesterLab Human readable format to store or transmit objects
The Compact JWS Format PentesterLab.com / @PentesterLab Header Payload Signature 3 parts in a JSON Web Token:
The Compact JWS Format PentesterLab.com / @PentesterLab Header Payload Signature Separated by a dot . .
The Compact JWS Format PentesterLab.com / @PentesterLab eyJ0eXAiOiJK V1QiLCJhbGci OiJIUzI1NiJ9 eyJsb2dpbi I6ImFkb WluIn0 FSfvCBAwypJ4abF6 jFLmR7JgZhkW674 Z8dIdAIRyt1E Separated by a dot . . eyJ = Base64('{"')
The Compact JWS Format PentesterLab.com / @PentesterLab Base64({…}) Base64({…}) Base64(…) Header and Payload are base64* encoded JSON . . * urlsafe base64 encoding without padding The signature is also base64 encoded
The Compact JWS Format: Encoding PentesterLab.com / @PentesterLab Urlsafe base64 encoding without padding: *https://tools.ietf.org/html/rfc7515#appendix-C
The JWT Format: header PentesterLab.com / @PentesterLab Base64({"alg": "HS256", "typ": "JWS"}) The header contains an algorithm “alg” attribute: In this example HMAC with SHA256 was used To tell how the token was signed. … . . …
The JWT Format: Algorithms PentesterLab.com / @PentesterLab A lot of different algorithms are supported*: None * https://jwt.io/ covers most HS256 HS384 HS512 RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512
The JWT Format: payload PentesterLab.com / @PentesterLab … The payload may contain literally anything: Base64({"user":"admin", "roles": ["adm","users"]}). . …
The JWT Format: payload PentesterLab.com / @PentesterLab The payload may contain registered claims: Base64({"user":"admin", "exp":12…, "iat":1234.. }). .… …
The JWT Format: creating a token PentesterLab.com / @PentesterLab • Create the JSON header and base64 encode it • Create the JSON payload and base64 encode it • Concatenate with a dot the (encoded) header and payload • Sign the result (header+.+payload) • Base64 encode the signature • Append a dot then the signature
The JWT Format: verifying a token PentesterLab.com / @PentesterLab • Split the token in three parts based on the dots • Base64 decode each part • Parse the JSON for the header and payload • Retrieve the algorithm from the header • Verify the signature based on the algorithm • Verify the claims
Classic JWT attacks PentesterLab.com / @PentesterLab • None algorithm • Trivial secret • Algorithm confusion • Injection in the kid parameter • CVE-2018-0114 •
jku & x5u
jku and x5u PentesterLab.com / @PentesterLab • If you read some of the JWS RFC, you probably learnt about jku and x5u parameter for the headers • People are starting to use jku (JWK URL)
The JWT Format: jku&x5u PentesterLab.com / @PentesterLab Base64({"jku": "https://...", ...}) … . . … Base64({"x5u": "https://...", ...}) … . . …
The JWT Format: jwk PentesterLab.com / @PentesterLab { "keys": [ { "kty": "RSA", "use": "sig", "kid": "pentesterlab", "n": "oTtAXRgdJ6Pu0jr3hK3opCF5uqKWKbm4Kkq...vTF0FGw", "e": "AQAB", "alg": "RS256" } ] }
The JWT Format: x5c PentesterLab.com / @PentesterLab { "keys": [ { "kty": "RSA", "use": "sig", "kid": "pentesterlab", "x5c": "MIIDWDCCAkACCQCnE....fpye27SQbC2fBxebsek=", "alg": "RS256" } ] }
jku and x5u PentesterLab.com / @PentesterLab Application Trusted Server User
Application Trusted Server User HTTP Request with JWT1 jku and x5u PentesterLab.com / @PentesterLab
Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 jku and x5u PentesterLab.com / @PentesterLab
Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 3 Fetching of the JWK based on the “jku” header jku and x5u PentesterLab.com / @PentesterLab
Fetching of the JWK based on the “jku” header Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 3 Parsing of the JWK4 jku and x5u PentesterLab.com / @PentesterLab
Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 3 Parsing of the JWK4 Verifying the JWT signature using the JWK5 Fetching of the JWK based on the “jku” header jku and x5u PentesterLab.com / @PentesterLab
Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header Response 1 6 2 3 Parsing of the JWK4 Verifying the JWT signature using the JWK5 Fetching of the JWK based on the “jku” header jku and x5u PentesterLab.com / @PentesterLab
jku and x5u PentesterLab.com / @PentesterLab Application Malicious Server HTTP Request with malicious JWT Parsing of the JWT to extract the “jku” header Response 1 6 2 3 Parsing of the JWK4 Verifying the JWT signature using the JWK5 Attacker Fetching of the malicious JWK based on the “jku” header
jku and x5u PentesterLab.com / @PentesterLab Application Malicious Server HTTP Request with malicious JWT Parsing of the JWT to extract the “jku” header1 2 3 Attacker Fetching of the malicious JWK based on the “jku” header
jku and x5u PentesterLab.com / @PentesterLab Turns out filtering URLs is incredibly hard
jku and x5u : regular expression PentesterLab.com / @PentesterLab https://trusted.example.com => https://trustedzexample.com
jku and x5u : starts with PentesterLab.com / @PentesterLab https://trusted => https://trusted@pentesterlab.com https://trusted/jwks/ => https://trusted/jwks/../file_uploaded https://trusted/jwks/ => https://trusted/jwks/../open_redirect https://trusted/jwks/ => https://trusted/jwks/../header_injection
3 Fetching of the JWK based on the “jku” header Parsing of the JWT to extract the “jku” header2 Application Trusted Server HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server HTTP Request with malicious JWT1 Malicious Server 3 Fetching of the JWK based on the “jku” header Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server 3b Fetching of the malicious JWK after following the redirect HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Parsing of the JWK4 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server 3b Fetching of the malicious JWK after following the redirect HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Parsing of the JWK4 Verifying the JWT signature using the malicious JWK5 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server 3b Fetching of the malicious JWK after following the redirect HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
3 Fetching of the JWK based on the “jku” header Parsing of the JWT to extract the “jku” header2 Application Trusted Server HTTP Request with malicious JWT1 Attacker jku and Header Injection PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Fetching of the JWK based on the “jku” header HTTP Request with malicious JWT1 Header Injection Attacker Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Fetching of the JWK based on the “jku” header HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Fetching of the JWK based on the “jku” header 3a The jku uses the header injection to reflect the jwk in a response HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Parsing of the JWK4 Fetching of the JWK based on the “jku” header 3a The jku uses the header injection to reflect the jwk in a response HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Parsing of the JWK4 Verifying the JWT signature using the JWK from the header injection 5 Fetching of the JWK based on the “jku” header 3a The jku uses the header injection to reflect the jwk in a response HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
Libraries: jku header injection - Exploitation PentesterLab.com / @PentesterLab Exploitation: • Find a Header Injection • Use the Header Injection to return your JWK • Add the Header Injection as jku • Sign the token with your RSA key
jku and x5u: downgrade PentesterLab.com / @PentesterLab • The RFC calls out enforcing TLS to avoid MITM • Few implementations get it wrong: Enforcing when you set the value vs Enforcing when you fetch the key
Conclusion
Recommendations PentesterLab.com / @PentesterLab ✓ Use strong keys and secrets ✓ Don’t store them in your source code ✓ Make sure you have key rotation built-in
Recommendations PentesterLab.com / @PentesterLab ✓ Review the libraries you pick (KISS library) ✓ Make sure you check the signature ✓ Make sure your tokens expire ✓ Enforce the algorithm
Recommendations PentesterLab.com / @PentesterLab ✓ Test for x5u and jku ✓ Don't burn Open Redirect ✓ Read RFC ✓ Hack all the things!
Conclusion PentesterLab.com / @PentesterLab • JWT are complex and kind of insecure by design (make sure you check https://github.com/paragonie/paseto) • JWT libraries introduce very interesting bugs • Make sure you test for those if you write code, pentest or do bug bounties
Any questions? FOR YOUR TIME ! THANKS louis@pentesterlab.com / PentesterLab.com / @PentesterLab
Ad

Recommended

Json Web Token - JWT
Json Web Token - JWTJson Web Token - JWT
Json Web Token - JWT
Prashant Walke
 
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionNeat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protection
Mikhail Egorov
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0
Mika Koivisto
 
Jwt == insecurity?
Jwt == insecurity?Jwt == insecurity?
Jwt == insecurity?
snyff
 
Spring Security
Spring SecuritySpring Security
Spring Security
Boy Tech
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
Abhishek Koserwal
 
HTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versionsHTTP Request Smuggling via higher HTTP versions
HTTP Request Smuggling via higher HTTP versions
neexemil
 
Modern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web Tokens
Jonathan LeBlanc
 
JSON Web Token
JSON Web TokenJSON Web Token
JSON Web Token
Deddy Setyadi
 
Attacking thru HTTP Host header
Attacking thru HTTP Host headerAttacking thru HTTP Host header
Attacking thru HTTP Host header
Sergey Belov
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
 
Deep dive into ssrf
Deep dive into ssrfDeep dive into ssrf
Deep dive into ssrf
n|u - The Open Security Community
 
Jwt Security
Jwt SecurityJwt Security
Jwt Security
Seid Yassin
 
AWS CLIでAssumeRole
AWS CLIでAssumeRoleAWS CLIでAssumeRole
AWS CLIでAssumeRole
Tetsunori Nishizawa
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)
Abhishek Koserwal
 
Understanding JWT Exploitation
Understanding JWT ExploitationUnderstanding JWT Exploitation
Understanding JWT Exploitation
AkshaeyBhosale
 
API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細
API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細
API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細
オラクルエンジニア通信
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
SecuRing
 
Securing AEM webapps by hacking them
Securing AEM webapps by hacking themSecuring AEM webapps by hacking them
Securing AEM webapps by hacking them
Mikhail Egorov
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
Aaron Parecki
 
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
DirkjanMollema
 
OAuth in the Wild
OAuth in the WildOAuth in the Wild
OAuth in the Wild
Victor Rentea
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to Swagger
Knoldus Inc.
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
Uwe Friedrichsen
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
Jesus Perez Franco
 
What should a hacker know about WebDav?
What should a hacker know about WebDav?What should a hacker know about WebDav?
What should a hacker know about WebDav?
Mikhail Egorov
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start Guide
Andrii Gakhov
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
robertjd
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens
OWASP
 
Ad

More Related Content

What's hot (20)

JSON Web Token
JSON Web TokenJSON Web Token
JSON Web Token
Deddy Setyadi
 
Attacking thru HTTP Host header
Attacking thru HTTP Host headerAttacking thru HTTP Host header
Attacking thru HTTP Host header
Sergey Belov
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
 
Deep dive into ssrf
Deep dive into ssrfDeep dive into ssrf
Deep dive into ssrf
n|u - The Open Security Community
 
Jwt Security
Jwt SecurityJwt Security
Jwt Security
Seid Yassin
 
AWS CLIでAssumeRole
AWS CLIでAssumeRoleAWS CLIでAssumeRole
AWS CLIでAssumeRole
Tetsunori Nishizawa
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)
Abhishek Koserwal
 
Understanding JWT Exploitation
Understanding JWT ExploitationUnderstanding JWT Exploitation
Understanding JWT Exploitation
AkshaeyBhosale
 
API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細
API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細
API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細
オラクルエンジニア通信
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
SecuRing
 
Securing AEM webapps by hacking them
Securing AEM webapps by hacking themSecuring AEM webapps by hacking them
Securing AEM webapps by hacking them
Mikhail Egorov
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
Aaron Parecki
 
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
DirkjanMollema
 
OAuth in the Wild
OAuth in the WildOAuth in the Wild
OAuth in the Wild
Victor Rentea
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to Swagger
Knoldus Inc.
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
Uwe Friedrichsen
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
Jesus Perez Franco
 
What should a hacker know about WebDav?
What should a hacker know about WebDav?What should a hacker know about WebDav?
What should a hacker know about WebDav?
Mikhail Egorov
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start Guide
Andrii Gakhov
 
JSON Web Token
JSON Web TokenJSON Web Token
JSON Web Token
Deddy Setyadi
 
Attacking thru HTTP Host header
Attacking thru HTTP Host headerAttacking thru HTTP Host header
Attacking thru HTTP Host header
Sergey Belov
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
 
Deep dive into ssrf
Deep dive into ssrfDeep dive into ssrf
Deep dive into ssrf
n|u - The Open Security Community
 
Jwt Security
Jwt SecurityJwt Security
Jwt Security
Seid Yassin
 
AWS CLIでAssumeRole
AWS CLIでAssumeRoleAWS CLIでAssumeRole
AWS CLIでAssumeRole
Tetsunori Nishizawa
 
Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)Draft: building secure applications with keycloak (oidc/jwt)
Draft: building secure applications with keycloak (oidc/jwt)
Abhishek Koserwal
 
Understanding JWT Exploitation
Understanding JWT ExploitationUnderstanding JWT Exploitation
Understanding JWT Exploitation
AkshaeyBhosale
 
API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細
API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細
API Gateway - ヘッダー/クエリー変換、認証・認可機能詳細
オラクルエンジニア通信
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
SecuRing
 
Securing AEM webapps by hacking them
Securing AEM webapps by hacking themSecuring AEM webapps by hacking them
Securing AEM webapps by hacking them
Mikhail Egorov
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
Aaron Parecki
 
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
I'm in your cloud... reading everyone's email. Hacking Azure AD via Active Di...
DirkjanMollema
 
OAuth in the Wild
OAuth in the WildOAuth in the Wild
OAuth in the Wild
Victor Rentea
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to Swagger
Knoldus Inc.
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
Uwe Friedrichsen
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
Jesus Perez Franco
 
What should a hacker know about WebDav?
What should a hacker know about WebDav?What should a hacker know about WebDav?
What should a hacker know about WebDav?
Mikhail Egorov
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start Guide
Andrii Gakhov
 

Similar to JWT: jku x5u (20)

Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
robertjd
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens
OWASP
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography API
Kevin Hakanson
 
2018 JavaLand Deconstructing and Evolving REST Security
2018 JavaLand Deconstructing and Evolving REST Security2018 JavaLand Deconstructing and Evolving REST Security
2018 JavaLand Deconstructing and Evolving REST Security
David Blevins
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
Docker, Inc.
 
OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101
Steve Martinelli
 
Как разработать DBFW с нуля
Как разработать DBFW с нуляКак разработать DBFW с нуля
Как разработать DBFW с нуля
Positive Hack Days
 
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and NoteworthyJava EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
Peter Pilgrim
 
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.PilgrimJavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
Payara
 
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
OPEN KNOWLEDGE GmbH
 
OpenStack Swift的性能调优
OpenStack Swift的性能调优OpenStack Swift的性能调优
OpenStack Swift的性能调优
Hardway Hou
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
Graham Charters
 
Con fess 2013-sse-websockets-json-bhakti
Con fess 2013-sse-websockets-json-bhaktiCon fess 2013-sse-websockets-json-bhakti
Con fess 2013-sse-websockets-json-bhakti
Bhakti Mehta
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
Jim Manico
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
 
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - GuatemalaStateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Otávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - MexicoStateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - Mexico
Otávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES
Otavio Santana
 
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Daniel Bohannon
 
Database Firewall from Scratch
Database Firewall from ScratchDatabase Firewall from Scratch
Database Firewall from Scratch
Denis Kolegov
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
robertjd
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens
OWASP
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography API
Kevin Hakanson
 
2018 JavaLand Deconstructing and Evolving REST Security
2018 JavaLand Deconstructing and Evolving REST Security2018 JavaLand Deconstructing and Evolving REST Security
2018 JavaLand Deconstructing and Evolving REST Security
David Blevins
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
Docker, Inc.
 
OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101
Steve Martinelli
 
Как разработать DBFW с нуля
Как разработать DBFW с нуляКак разработать DBFW с нуля
Как разработать DBFW с нуля
Positive Hack Days
 
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and NoteworthyJava EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
Peter Pilgrim
 
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.PilgrimJavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
Payara
 
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
OPEN KNOWLEDGE GmbH
 
OpenStack Swift的性能调优
OpenStack Swift的性能调优OpenStack Swift的性能调优
OpenStack Swift的性能调优
Hardway Hou
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
Graham Charters
 
Con fess 2013-sse-websockets-json-bhakti
Con fess 2013-sse-websockets-json-bhaktiCon fess 2013-sse-websockets-json-bhakti
Con fess 2013-sse-websockets-json-bhakti
Bhakti Mehta
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
Jim Manico
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
 
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - GuatemalaStateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Otávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - MexicoStateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - Mexico
Otávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES
Otavio Santana
 
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Daniel Bohannon
 
Database Firewall from Scratch
Database Firewall from ScratchDatabase Firewall from Scratch
Database Firewall from Scratch
Denis Kolegov
 
Ad

More from snyff (10)

Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)
snyff
 
Entomology 101
Entomology 101Entomology 101
Entomology 101
snyff
 
Entrepreneurship for hackers
Entrepreneurship for hackersEntrepreneurship for hackers
Entrepreneurship for hackers
snyff
 
Finding Needles in Haystacks
Finding Needles in HaystacksFinding Needles in Haystacks
Finding Needles in Haystacks
snyff
 
Defcon CTF quals
Defcon CTF qualsDefcon CTF quals
Defcon CTF quals
snyff
 
Ruxmon cve 2012-2661
Ruxmon cve 2012-2661Ruxmon cve 2012-2661
Ruxmon cve 2012-2661
snyff
 
Ln monitoring repositories
Ln monitoring repositoriesLn monitoring repositories
Ln monitoring repositories
snyff
 
Owasp tds
Owasp tdsOwasp tds
Owasp tds
snyff
 
Ruxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to railsRuxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to rails
snyff
 
Harder Faster Stronger
Harder Faster StrongerHarder Faster Stronger
Harder Faster Stronger
snyff
 
Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)
snyff
 
Entomology 101
Entomology 101Entomology 101
Entomology 101
snyff
 
Entrepreneurship for hackers
Entrepreneurship for hackersEntrepreneurship for hackers
Entrepreneurship for hackers
snyff
 
Finding Needles in Haystacks
Finding Needles in HaystacksFinding Needles in Haystacks
Finding Needles in Haystacks
snyff
 
Defcon CTF quals
Defcon CTF qualsDefcon CTF quals
Defcon CTF quals
snyff
 
Ruxmon cve 2012-2661
Ruxmon cve 2012-2661Ruxmon cve 2012-2661
Ruxmon cve 2012-2661
snyff
 
Ln monitoring repositories
Ln monitoring repositoriesLn monitoring repositories
Ln monitoring repositories
snyff
 
Owasp tds
Owasp tdsOwasp tds
Owasp tds
snyff
 
Ruxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to railsRuxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to rails
snyff
 
Harder Faster Stronger
Harder Faster StrongerHarder Faster Stronger
Harder Faster Stronger
snyff
 
Ad

Recently uploaded (19)

Computers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers NetworksComputers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers Networks
Tito208863
 
White and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptxWhite and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptx
canumatown
 
(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security
aluacharya169
 
project_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptxproject_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptx
redzuriel13
 
DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)
APNIC
 
Perguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolhaPerguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolha
socaslev
 
IT Services Workflow From Request to Resolution
IT Services Workflow From Request to ResolutionIT Services Workflow From Request to Resolution
IT Services Workflow From Request to Resolution
mzmziiskd
 
Determining Glass is mechanical textile
Determining Glass is mechanical textileDetermining Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHostingTop Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
steve198109
 
5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx
andani26
 
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC
 
OSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description fOSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description f
cbr49917
 
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry SweetserAPNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC
 
highend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptxhighend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptx
elhadjcheikhdiop
 
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
DataProvider1
 
Best web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you businessBest web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you business
steve198109
 
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation TemplateSmart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
yojeari421237
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 
Computers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers NetworksComputers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers Networks
Tito208863
 
White and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptxWhite and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptx
canumatown
 
(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security
aluacharya169
 
project_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptxproject_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptx
redzuriel13
 
DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)
APNIC
 
Perguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolhaPerguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolha
socaslev
 
IT Services Workflow From Request to Resolution
IT Services Workflow From Request to ResolutionIT Services Workflow From Request to Resolution
IT Services Workflow From Request to Resolution
mzmziiskd
 
Determining Glass is mechanical textile
Determining Glass is mechanical textileDetermining Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHostingTop Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
steve198109
 
5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx
andani26
 
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC
 
OSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description fOSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description f
cbr49917
 
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry SweetserAPNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC
 
highend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptxhighend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptx
elhadjcheikhdiop
 
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
DataProvider1
 
Best web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you businessBest web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you business
steve198109
 
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation TemplateSmart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
yojeari421237
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 

JWT: jku x5u

  • 1. JWT jku&x5u = ❤ Attacking JSON WEB TOKENS… Louis Nyffenegger @PentesterLab [email protected]
  • 2. About me PentesterLab.com / @PentesterLab Security Engineer PentesterLab: Pentester/Code Reviewer/Security consultant/Security architect Platform to learn web security/penetration testing 100% Hands-on Available for individuals (free and PRO) and enterprises Run a website to help people learn security
  • 3. Who uses JWT? PentesterLab.com / @PentesterLab • A lot of people for OAuth2 • A lot of people for sessions • A lot of people to manage trust • A lot of people for password reset • A lot of people who care about being stateless and multi-datacenter architecture
  • 5. Signature vs Encryption PentesterLab.com / @PentesterLab Encryption gives you confidentiality Signature gives you integrity
  • 6. Multiple ways of signing PentesterLab.com / @PentesterLab • With a secret using HMAC • With a private key using RSA/EC/… (asymmetric)
  • 7. Signing with a secret PentesterLab.com / @PentesterLab Sign! Verify! Secret
  • 8. Signing: asymmetric PentesterLab.com / @PentesterLab Sign! PrivatePublic Verify!
  • 10. JavaScript Object Notation (JSON) PentesterLab.com / @PentesterLab Human readable format to store or transmit objects
  • 11. The Compact JWS Format PentesterLab.com / @PentesterLab Header Payload Signature 3 parts in a JSON Web Token:
  • 12. The Compact JWS Format PentesterLab.com / @PentesterLab Header Payload Signature Separated by a dot . .
  • 13. The Compact JWS Format PentesterLab.com / @PentesterLab eyJ0eXAiOiJK V1QiLCJhbGci OiJIUzI1NiJ9 eyJsb2dpbi I6ImFkb WluIn0 FSfvCBAwypJ4abF6 jFLmR7JgZhkW674 Z8dIdAIRyt1E Separated by a dot . . eyJ = Base64('{"')
  • 14. The Compact JWS Format PentesterLab.com / @PentesterLab Base64({…}) Base64({…}) Base64(…) Header and Payload are base64* encoded JSON . . * urlsafe base64 encoding without padding The signature is also base64 encoded
  • 15. The Compact JWS Format: Encoding PentesterLab.com / @PentesterLab Urlsafe base64 encoding without padding: *https://tools.ietf.org/html/rfc7515#appendix-C
  • 16. The JWT Format: header PentesterLab.com / @PentesterLab Base64({"alg": "HS256", "typ": "JWS"}) The header contains an algorithm “alg” attribute: In this example HMAC with SHA256 was used To tell how the token was signed. … . . …
  • 17. The JWT Format: Algorithms PentesterLab.com / @PentesterLab A lot of different algorithms are supported*: None * https://jwt.io/ covers most HS256 HS384 HS512 RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512
  • 18. The JWT Format: payload PentesterLab.com / @PentesterLab … The payload may contain literally anything: Base64({"user":"admin", "roles": ["adm","users"]}). . …
  • 19. The JWT Format: payload PentesterLab.com / @PentesterLab The payload may contain registered claims: Base64({"user":"admin", "exp":12…, "iat":1234.. }). .… …
  • 20. The JWT Format: creating a token PentesterLab.com / @PentesterLab • Create the JSON header and base64 encode it • Create the JSON payload and base64 encode it • Concatenate with a dot the (encoded) header and payload • Sign the result (header+.+payload) • Base64 encode the signature • Append a dot then the signature
  • 21. The JWT Format: verifying a token PentesterLab.com / @PentesterLab • Split the token in three parts based on the dots • Base64 decode each part • Parse the JSON for the header and payload • Retrieve the algorithm from the header • Verify the signature based on the algorithm • Verify the claims
  • 22. Classic JWT attacks PentesterLab.com / @PentesterLab • None algorithm • Trivial secret • Algorithm confusion • Injection in the kid parameter • CVE-2018-0114 •
  • 24. jku and x5u PentesterLab.com / @PentesterLab • If you read some of the JWS RFC, you probably learnt about jku and x5u parameter for the headers • People are starting to use jku (JWK URL)
  • 25. The JWT Format: jku&x5u PentesterLab.com / @PentesterLab Base64({"jku": "https://...", ...}) … . . … Base64({"x5u": "https://...", ...}) … . . …
  • 26. The JWT Format: jwk PentesterLab.com / @PentesterLab { "keys": [ { "kty": "RSA", "use": "sig", "kid": "pentesterlab", "n": "oTtAXRgdJ6Pu0jr3hK3opCF5uqKWKbm4Kkq...vTF0FGw", "e": "AQAB", "alg": "RS256" } ] }
  • 27. The JWT Format: x5c PentesterLab.com / @PentesterLab { "keys": [ { "kty": "RSA", "use": "sig", "kid": "pentesterlab", "x5c": "MIIDWDCCAkACCQCnE....fpye27SQbC2fBxebsek=", "alg": "RS256" } ] }
  • 28. jku and x5u PentesterLab.com / @PentesterLab Application Trusted Server User
  • 29. Application Trusted Server User HTTP Request with JWT1 jku and x5u PentesterLab.com / @PentesterLab
  • 30. Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 jku and x5u PentesterLab.com / @PentesterLab
  • 31. Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 3 Fetching of the JWK based on the “jku” header jku and x5u PentesterLab.com / @PentesterLab
  • 32. Fetching of the JWK based on the “jku” header Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 3 Parsing of the JWK4 jku and x5u PentesterLab.com / @PentesterLab
  • 33. Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 3 Parsing of the JWK4 Verifying the JWT signature using the JWK5 Fetching of the JWK based on the “jku” header jku and x5u PentesterLab.com / @PentesterLab
  • 34. Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header Response 1 6 2 3 Parsing of the JWK4 Verifying the JWT signature using the JWK5 Fetching of the JWK based on the “jku” header jku and x5u PentesterLab.com / @PentesterLab
  • 35. jku and x5u PentesterLab.com / @PentesterLab Application Malicious Server HTTP Request with malicious JWT Parsing of the JWT to extract the “jku” header Response 1 6 2 3 Parsing of the JWK4 Verifying the JWT signature using the JWK5 Attacker Fetching of the malicious JWK based on the “jku” header
  • 36. jku and x5u PentesterLab.com / @PentesterLab Application Malicious Server HTTP Request with malicious JWT Parsing of the JWT to extract the “jku” header1 2 3 Attacker Fetching of the malicious JWK based on the “jku” header
  • 37. jku and x5u PentesterLab.com / @PentesterLab Turns out filtering URLs is incredibly hard
  • 38. jku and x5u : regular expression PentesterLab.com / @PentesterLab https://trusted.example.com => https://trustedzexample.com
  • 39. jku and x5u : starts with PentesterLab.com / @PentesterLab https://trusted => https://[email protected] https://trusted/jwks/ => https://trusted/jwks/../file_uploaded https://trusted/jwks/ => https://trusted/jwks/../open_redirect https://trusted/jwks/ => https://trusted/jwks/../header_injection
  • 40. 3 Fetching of the JWK based on the “jku” header Parsing of the JWT to extract the “jku” header2 Application Trusted Server HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 41. Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server HTTP Request with malicious JWT1 Malicious Server 3 Fetching of the JWK based on the “jku” header Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 42. Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 43. Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server 3b Fetching of the malicious JWK after following the redirect HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 44. Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Parsing of the JWK4 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server 3b Fetching of the malicious JWK after following the redirect HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 45. Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Parsing of the JWK4 Verifying the JWT signature using the malicious JWK5 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server 3b Fetching of the malicious JWK after following the redirect HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 46. 3 Fetching of the JWK based on the “jku” header Parsing of the JWT to extract the “jku” header2 Application Trusted Server HTTP Request with malicious JWT1 Attacker jku and Header Injection PentesterLab.com / @PentesterLab
  • 47. Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Fetching of the JWK based on the “jku” header HTTP Request with malicious JWT1 Header Injection Attacker Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Fetching of the JWK based on the “jku” header HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
  • 48. Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Fetching of the JWK based on the “jku” header 3a The jku uses the header injection to reflect the jwk in a response HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
  • 49. Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Parsing of the JWK4 Fetching of the JWK based on the “jku” header 3a The jku uses the header injection to reflect the jwk in a response HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
  • 50. Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Parsing of the JWK4 Verifying the JWT signature using the JWK from the header injection 5 Fetching of the JWK based on the “jku” header 3a The jku uses the header injection to reflect the jwk in a response HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
  • 51. Libraries: jku header injection - Exploitation PentesterLab.com / @PentesterLab Exploitation: • Find a Header Injection • Use the Header Injection to return your JWK • Add the Header Injection as jku • Sign the token with your RSA key
  • 52. jku and x5u: downgrade PentesterLab.com / @PentesterLab • The RFC calls out enforcing TLS to avoid MITM • Few implementations get it wrong: Enforcing when you set the value vs Enforcing when you fetch the key
  • 54. Recommendations PentesterLab.com / @PentesterLab ✓ Use strong keys and secrets ✓ Don’t store them in your source code ✓ Make sure you have key rotation built-in
  • 55. Recommendations PentesterLab.com / @PentesterLab ✓ Review the libraries you pick (KISS library) ✓ Make sure you check the signature ✓ Make sure your tokens expire ✓ Enforce the algorithm
  • 56. Recommendations PentesterLab.com / @PentesterLab ✓ Test for x5u and jku ✓ Don't burn Open Redirect ✓ Read RFC ✓ Hack all the things!
  • 57. Conclusion PentesterLab.com / @PentesterLab • JWT are complex and kind of insecure by design (make sure you check https://github.com/paragonie/paseto) • JWT libraries introduce very interesting bugs • Make sure you test for those if you write code, pentest or do bug bounties
  • 58. Any questions? FOR YOUR TIME ! THANKS [email protected] / PentesterLab.com / @PentesterLab