sushiwushi/jwt.txt

## jwt.txt
1. Leaked JWT secret keys through JavaScript files
Zendesk is a support system used by many websites, some of them enabled JWT for single sign-on authentication https://support.zendesk.com/hc/en-us/articles/203663816-Enabling-JWT-JSON-Web-Token-single-sign-on

There maybe a possibility that the JWT secret token is leaked in JavaScript files, as shown in the report below
https://hackerone.com/reports/638635

To search for it, grep (Ctrl + F) for "jwt" in website's Zendesk JavaScript files

References
https://jwt.io
https://unixstamp.com
https://www.uuidgenerator.net

2. Breaking JWT encryption
JWT presents as Authorization Bearer token in HTTP requests and can be decrypted to further analyze any vulnerabilities present

(a) Manipulating algorithm
JWT is built from 3 parts which is base64 encoded => b64_encode(header).b64_encode(payload).b64_encode(signature)

The "header" part contains the algorithm it uses to transfer the token, it can be manipulated to bypass the verification from the server. If successful, it can be used to login into anyone's user account.

i. "none" algorithm
Modify the above header to contain {"alg": "none"} instead of "HS256". Make any desired changes to the payload. Use an empty signature (i.e. signature = "").

If a secret key was provided, then token verification will fail for tokens using the none algorithm.

Reference
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries

ii. "HS256" algorithm
Modify the header alg to HS256
Copy server certificate and extract the public key

Reference
https://habr.com/en/post/450054
https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6

(b) Manipulating payload
i. IDOR
The JWT token had the session id and user id and signed with HS256, pretty good right but no the api did not validate any of that

https://medium.com/bugbountywriteup/idor-in-jwt-and-the-shortest-token-you-will-ever-see-uid-1234567890-4e02377ea03a

(c) Manipulating signature
i. Cracking HS256 key
If the HS256 key strength is weak, it can be directly brute-forced, such as using the secret string as a key in the PyJWT library sample code

Reference
https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
https://medium.com/@valeriyshevchenko/brute-forcing-jwt-token-hs256-6f545d24c7c3

ii. Timing attack
https://hackernoon.com/can-timing-attack-be-a-practical-security-threat-on-jwt-signature-ba3c8340dea9

3. Sources
Cheatsheet PDF
https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf

Blog post about JWT web token analysis
https://mazinahmed.net/blog/breaking-jwt

Payloads
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/JSON%20Web%20Token

Tools
https://github.com/mazen160/jwt-pwn
	1. Leaked JWT secret keys through JavaScript files
	Zendesk is a support system used by many websites, some of them enabled JWT for single sign-on authentication https://support.zendesk.com/hc/en-us/articles/203663816-Enabling-JWT-JSON-Web-Token-single-sign-on

	There maybe a possibility that the JWT secret token is leaked in JavaScript files, as shown in the report below
	https://hackerone.com/reports/638635

	To search for it, grep (Ctrl + F) for "jwt" in website's Zendesk JavaScript files

	References
	https://jwt.io
	https://unixstamp.com
	https://www.uuidgenerator.net

	2. Breaking JWT encryption
	JWT presents as Authorization Bearer token in HTTP requests and can be decrypted to further analyze any vulnerabilities present

	(a) Manipulating algorithm
	JWT is built from 3 parts which is base64 encoded => b64_encode(header).b64_encode(payload).b64_encode(signature)

	The "header" part contains the algorithm it uses to transfer the token, it can be manipulated to bypass the verification from the server. If successful, it can be used to login into anyone's user account.

	i. "none" algorithm
	Modify the above header to contain {"alg": "none"} instead of "HS256". Make any desired changes to the payload. Use an empty signature (i.e. signature = "").

	If a secret key was provided, then token verification will fail for tokens using the none algorithm.

	Reference
	https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries

	ii. "HS256" algorithm
	Modify the header alg to HS256
	Copy server certificate and extract the public key

	Reference
	https://habr.com/en/post/450054
	https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6

	(b) Manipulating payload
	i. IDOR
	The JWT token had the session id and user id and signed with HS256, pretty good right but no the api did not validate any of that

	https://medium.com/bugbountywriteup/idor-in-jwt-and-the-shortest-token-you-will-ever-see-uid-1234567890-4e02377ea03a

	(c) Manipulating signature
	i. Cracking HS256 key
	If the HS256 key strength is weak, it can be directly brute-forced, such as using the secret string as a key in the PyJWT library sample code

	Reference
	https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
	https://medium.com/@valeriyshevchenko/brute-forcing-jwt-token-hs256-6f545d24c7c3

	ii. Timing attack
	https://hackernoon.com/can-timing-attack-be-a-practical-security-threat-on-jwt-signature-ba3c8340dea9

	3. Sources
	Cheatsheet PDF
	https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf

	Blog post about JWT web token analysis
	https://mazinahmed.net/blog/breaking-jwt

	Payloads
	https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/JSON%20Web%20Token

	Tools
	https://github.com/mazen160/jwt-pwn