JWT VIII
This exercise covers how to use the jku header to bypass a JWT-based authentication.

This lab focuses on the jku header in JWT tokens, which lets a token point to the public key that should verify it from inside its own header. The primary objective is to forge a token that grants admin privileges. The exercise highlights the risk of an application trusting a URL supplied in the jku header: an attacker can replace that URL with one serving their own public key and sign the token with the corresponding private key.

By following this exercise, you will learn to create a private RSA key using openssl, extract the components a JWK needs (n and e) from the private key, populate a JWK file, and sign the token with RSA using that private key. The exercise demonstrates that even a signed payload can be forged when the application does not properly check where its verification key comes from.
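The check the vulnerable application in this exercise is missing, as an added example that is not part of the original lab: before any key set is fetched, the verifier accepts a jku only if it matches an allowlisted key-set location exactly. The trusted URL and the demo token are constructed values.

```python
"""Defensive handling of the JWT jku header: fetch keys only from an allowlisted location."""
import base64
import json
from urllib.parse import urlparse

# Assumption: the application's own trusted JWKS location (constructed example value).
TRUSTED_JKU = {("https", "auth.example.com", "/.well-known/jwks.json")}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding the format strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_header(token: str) -> dict:
    """Return the decoded JOSE header of a compact JWS (header.payload.signature)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[0]))


def jku_is_trusted(jku) -> bool:
    """Accept the jku only if scheme, host and path match a trusted location exactly.
    Exact matching (no prefix or substring checks) rejects lookalike hosts, userinfo
    tricks such as https://auth.example.com@other-host/, and paths to other files."""
    if not isinstance(jku, str):
        return False
    u = urlparse(jku)
    if u.username or u.password or u.port or u.query or u.fragment:
        return False
    return (u.scheme, u.hostname, u.path) in TRUSTED_JKU


def key_source_decision(token: str) -> str:
    """Decide where the verification key may come from, before any signature check.
    Returns "trusted-jku", "local-keys" (no jku; use configured keys) or "reject"."""
    header = parse_header(token)
    if header.get("alg") != "RS256":  # algorithm is pinned server side, never taken from the token
        return "reject"
    jku = header.get("jku")
    if jku is None:
        return "local-keys"
    return "trusted-jku" if jku_is_trusted(jku) else "reject"


def make_demo_token(header: dict) -> str:
    """Constructed demo token with a dummy signature; only the header matters here
    because the key-source decision runs before signature verification."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc(header), enc({"sub": "demo"}), "c2ln"])
```

Only after `key_source_decision` returns "trusted-jku" (or "local-keys") should the application load the key and verify the RSA signature; a token whose header points anywhere else is discarded without fetching anything.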