/jwt-key-id-injector

Simple python script to check against hypothetical JWT vulnerability.

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

JWT Key ID Injector

Simple python script to check against hypothetical JWT vulnerability.

Let's say there is an application that uses JWT tokens signed HS256 algorithm. An example token looks like the follow:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.zbgd5BNF1cqQ_prCEqIvBTjSxMS8bDLnJAE_wE-0Cxg

Above token can be decoded to the following data:

{
  "alg": "HS256",
  "typ": "JWT"
}
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

To calculate signature the following secret is used:

supersecret

The following pseudo code is used to calculate signature:

$alg = "sha256";
$data = "...";
$key = "supersecret";

hmac($alg, $data, $key);

But what if unexpected "kid":0 field will be injected into the header?

{
  "alg": "HS256",
  "typ": "JWT",
  "kid": 0
}
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

kid field is a standard way to choose a key. My assumption is that, if kid field is not expected, there may be vulnerable implementation that will treat the string $key value as an array:

hmac($alg, $data, $key[kid]);

As results "s" ($key[0]) value will be used as an HMAC secret.

Usage

injector.py script takes original JWT token, injects "kid":0 field into the header and generates tokens signed with the one-letter secrets (ASCII codes: 32 - 126 [{space}, !, ", #, ..., x, y, z, {, |, }, ~]):

python3 injector.py eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.zbgd5BNF1cqQ_prCEqIvBTjSxMS8bDLnJAE_wE-0Cxg

As results two files are created - tokens.txt and tokens_meta.txt. tokens.txt contains generated tokens and can be used as a list of payloads for the Burp Intruder. If any token is valid (what means that application is vulnerable), tokens_meta.txt file can be used to check what algorithm and secret were used to generate the given token. tokens_meta.txt file contains the following data:

token1:algorithm:secret
...
token{n}:algorithm:secret

Changes

Please see the CHANGELOG