This exercise covers how the `jku` header can be used to bypass JWT-based authentication.

1-2 Hrs.
Green Badge


This lab focuses on the `jku` header in JWTs, which lets a token's header carry a URL pointing to a public key. The primary objective is to forge a token that grants admin privileges. The exercise highlights the risk that arises when an application trusts the URL provided in the `jku` header: an attacker can point this URL at their own public key and sign the token with the corresponding private key.

By following this exercise, you will learn to create a private RSA key using `openssl`, extract the necessary components (n and e) from the private key, populate a JWK file, and sign the token using RSA with the private key. This exercise demonstrates how even signed payloads can be vulnerable to exploitation if proper checks are not implemented.
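The "proper checks" on the verifier side come down to never letting the token choose where keys are fetched from. The following is an added example, not code from the lab: it parses the untrusted header and only returns a `jku` that exactly matches a server-side allowlist, before any key fetch or signature check happens. The allowlisted URL, the pinned `RS256` algorithm and all function names are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

# Assumption: the only key-set URL this service ever publishes (constructed value).
TRUSTED_JKU = frozenset({"https://auth.example.test/.well-known/jwks.json"})


class UntrustedKeySource(Exception):
    """Raised when a token names a key location the verifier does not trust."""


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unverified_header(token: str) -> dict:
    """Parse the JOSE header. Nothing in it is trusted at this point."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(_b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    return header


def key_source_for(token: str, trusted=TRUSTED_JKU) -> str:
    """Return the JWKS URL to fetch keys from, or raise before any fetch happens."""
    header = unverified_header(token)
    if header.get("alg") != "RS256":  # assumption: the service only issues RS256
        raise UntrustedKeySource("unexpected alg")
    jku = header.get("jku")
    if not isinstance(jku, str):
        raise UntrustedKeySource("missing jku")
    if urlsplit(jku).scheme != "https":
        raise UntrustedKeySource("jku must be https")
    # Exact string match against the allowlist: no prefix, substring or host-only comparison.
    if jku not in trusted:
        raise UntrustedKeySource("jku not in allowlist")
    return jku


def make_sample_token(header: dict) -> str:
    """Build a constructed, unsigned token shell for exercising the check."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'user': 'demo'})}.c2ln"
```

Signature verification still has to follow, using only keys retrieved from the URL this function returns.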

