Is the jwt_tool missing targets that don't check the signature? Or have I missed something? I was testing on a site that is intentionally vulnerable and does not check the JWT signature.

My hypothesis is that there is a prescan check for "Broken signature Response Code"... does the tool use the response from this prescan check to assume what a rejected JWT request looks like?

My observations based on the logs below:

- The prescan check sends in the user-supplied token to check what a verified JWT token response looks like (this seems OK).
- The prescan check sends in a request with no JWT, and the response size is different (also seems OK).
- The prescan check sends in a JWT with a broken signature (is the purpose to determine what a rejected request looks like?).

The 1st test in the JWT Attack Playbook is to send in a broken signature. The jwt_tool colours this green. To me this implies the test passed and there are no issues. I would have thought that if the signature check failed then the output in the logs should be red in colour? Therefore it makes me think the jwt_tool wrongly assumes what a failed JWT looks like.
Extract from logs:

```
Running prescan checks...
[+] FOUND "Log out" in response:
jwttool_c1355b4af62d5d5bd818fbfd1b605cb1 Prescan: original token Response Code: 200, 3347 bytes
jwttool_858707343d25ccdd2cdf94f1acbb57d4 Prescan: no token Response Code: 200, 3179 bytes
[+] FOUND "Log out" in response:
jwttool_c116f211fbf897449704deb8a26c8bfd Prescan: Broken signature Response Code: 200, 3347 bytes
[+] FOUND "Log out" in response:
jwttool_04382fc2dac271c2b8ac6ee5c6a43bb3 Prescan: repeat original token Response Code: 200, 3347 bytes
LAUNCHING SCAN: JWT Attack Playbook
[+] FOUND "Log out" in response:
jwttool_e77e16f5dbd2168a36b075f0f1e56e9a Broken signature Response Code: 200, 3347 bytes
[+] FOUND "Log out" in response:
```
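The comparison the issue reasons about, written out as an added example (this is not jwt_tool's code and makes no claim about how jwt_tool colours its results): a toy HS256 issuer and verifier, a model of a server that verifies signatures next to one that decodes claims without verifying, and the three-request prescan (original token, no token, broken signature) reduced to the fingerprint visible in the log above, i.e. status code, body length and whether the marker string "Log out" appears. The secret, claims and page bodies are constructed sample values; `make_server`, `prescan` and `break_signature` are names chosen here. The expected finding for the log in the issue is the one the vulnerable model produces: the broken-signature response matches the original-token response and differs from the no-token response, so the signature is not being checked.

```python
"""Toy reproduction of a JWT prescan comparison (added example, not jwt_tool's code)."""
import base64
import hashlib
import hmac
import json
from typing import Callable, Optional, Tuple

SECRET = b"constructed-demo-secret"  # constructed sample value
MARKER = "Log out"                   # string jwt_tool reported finding in the responses

Response = Tuple[int, str]           # (status code, body)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_hs256(claims: dict, secret: bytes) -> str:
    """Issue a compact HS256 JWT over the given claims."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims only if the HS256 signature verifies; None otherwise."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        if header.get("alg") != "HS256":
            return None  # this verifier accepts exactly one algorithm
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None
        return json.loads(b64url_decode(p))
    except (ValueError, json.JSONDecodeError):
        return None


def break_signature(token: str) -> str:
    """Corrupt the signature segment (first character, so the decoded bytes really change)."""
    h, p, s = token.split(".")
    first = "A" if s[0] != "A" else "B"
    return f"{h}.{p}.{first}{s[1:]}"


def make_server(verify_signature: bool) -> Callable[[Optional[str]], Response]:
    """Model an application: one variant verifies, the other trusts the decoded claims."""
    login_page = "<html>Please log in</html>"

    def handle(token: Optional[str]) -> Response:
        if token is None:
            return 200, login_page
        if verify_signature:
            claims = verify_hs256(token, SECRET)
        else:
            # Vulnerable behaviour under test: claims are read without checking the signature.
            claims = json.loads(b64url_decode(token.split(".")[1]))
        if claims is None:
            return 200, login_page
        return 200, f"<html>Welcome {claims['sub']} <a>{MARKER}</a></html>"

    return handle


def fingerprint(resp: Response, marker: str = MARKER) -> Tuple[int, int, bool]:
    """The three things visible in the issue's log lines: status, size, marker present."""
    status, body = resp
    return status, len(body), marker in body


def prescan(server: Callable[[Optional[str]], Response], token: str) -> str:
    baseline = fingerprint(server(token))                   # "original token"
    no_token = fingerprint(server(None))                    # "no token"
    broken = fingerprint(server(break_signature(token)))    # "Broken signature"
    if baseline == no_token:
        return "inconclusive"  # the endpoint does not visibly depend on the token at all
    if broken == baseline:
        return "signature not verified"
    return "signature verified"


if __name__ == "__main__":
    tok = mint_hs256({"sub": "alice"}, SECRET)
    print("verifying server:  ", prescan(make_server(True), tok))
    print("vulnerable server: ", prescan(make_server(False), tok))
```

The "inconclusive" branch matters for the question asked in the issue: the broken-signature response only tells you something when the no-token response is already known to differ from the original-token response, which is exactly what the two size values (3347 vs 3179 bytes) in the log establish.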