SlideShare a Scribd company logo
1 of 58
Download to read offline
JWT jku&x5u = ❤
Attacking JSON WEB TOKENS…
Louis Nyffenegger
@PentesterLab
louis@pentesterlab.com
About me
PentesterLab.com / @PentesterLab
Security Engineer
PentesterLab:
Pentester/Code Reviewer/Security consultant/Security architect
Platform to learn web security/penetration testing
100% Hands-on
Available for individuals (free and PRO) and enterprises
Run a website to help people learn security
Who uses JWT?
PentesterLab.com / @PentesterLab
• A lot of people for OAuth2
• A lot of people for sessions
• A lot of people to manage trust
• A lot of people for password reset
• A lot of people who care about being stateless
and multi-datacenter architecture
Crypto 101
Signature vs Encryption
PentesterLab.com / @PentesterLab
Encryption gives you confidentiality
Signature gives you integrity
Multiple ways of signing
PentesterLab.com / @PentesterLab
• With a secret using HMAC
• With a private key using RSA/EC/… (asymmetric)
Signing with a secret
PentesterLab.com / @PentesterLab
Sign! Verify!
Secret
Signing: asymmetric
PentesterLab.com / @PentesterLab
Sign!
PrivatePublic
Verify!
THE JWT FORMAT
JavaScript Object Notation (JSON)
PentesterLab.com / @PentesterLab
Human readable format to store or transmit objects
The Compact JWS Format
PentesterLab.com / @PentesterLab
Header Payload Signature
3 parts in a JSON Web Token:
The Compact JWS Format
PentesterLab.com / @PentesterLab
Header Payload Signature
Separated by a dot
. .
The Compact JWS Format
PentesterLab.com / @PentesterLab
eyJ0eXAiOiJK
V1QiLCJhbGci
OiJIUzI1NiJ9
eyJsb2dpbi
I6ImFkb
WluIn0
FSfvCBAwypJ4abF6
jFLmR7JgZhkW674
Z8dIdAIRyt1E
Separated by a dot
. .
eyJ = Base64('{"')
The Compact JWS Format
PentesterLab.com / @PentesterLab
Base64({…}) Base64({…}) Base64(…)
Header and Payload are base64* encoded JSON
. .
* urlsafe base64 encoding without padding
The signature is also base64 encoded
The Compact JWS Format: Encoding
PentesterLab.com / @PentesterLab
Urlsafe base64 encoding without padding:
*https://tools.ietf.org/html/rfc7515#appendix-C
The JWT Format: header
PentesterLab.com / @PentesterLab
Base64({"alg": "HS256",
"typ": "JWS"})
The header contains an algorithm “alg” attribute:
In this example HMAC with SHA256 was used
To tell how the token was signed.
…
. . …
The JWT Format: Algorithms
PentesterLab.com / @PentesterLab
A lot of different algorithms are supported*:
None
* https://jwt.io/ covers most
HS256
HS384
HS512
RS256
RS384
RS512
ES256
ES384
ES512
PS256
PS384
PS512
The JWT Format: payload
PentesterLab.com / @PentesterLab
…
The payload may contain literally anything:
Base64({"user":"admin",
"roles": ["adm","users"]}). . …
The JWT Format: payload
PentesterLab.com / @PentesterLab
The payload may contain registered claims:
Base64({"user":"admin",
"exp":12…, "iat":1234.. }). .… …
The JWT Format: creating a token
PentesterLab.com / @PentesterLab
• Create the JSON header and base64 encode it
• Create the JSON payload and base64 encode it
• Concatenate with a dot the (encoded) header
and payload
• Sign the result (header+.+payload)
• Base64 encode the signature
• Append a dot then the signature
The JWT Format: verifying a token
PentesterLab.com / @PentesterLab
• Split the token in three parts based on the dots
• Base64 decode each part
• Parse the JSON for the header and payload
• Retrieve the algorithm from the header
• Verify the signature based on the algorithm
• Verify the claims
Classic JWT attacks
PentesterLab.com / @PentesterLab
• None algorithm
• Trivial secret
• Algorithm confusion
• Injection in the kid parameter
• CVE-2018-0114
•
jku & x5u
jku and x5u
PentesterLab.com / @PentesterLab
• If you read some of the JWS RFC, you probably
learnt about jku and x5u parameter for the headers
• People are starting to use jku (JWK URL)
The JWT Format: jku&x5u
PentesterLab.com / @PentesterLab
Base64({"jku": "https://...",
...})
…
. . …
Base64({"x5u": "https://...",
...})
…
. . …
The JWT Format: jwk
PentesterLab.com / @PentesterLab
{
"keys": [
{
"kty": "RSA",
"use": "sig",
"kid": "pentesterlab",
"n": "oTtAXRgdJ6Pu0jr3hK3opCF5uqKWKbm4Kkq...vTF0FGw",
"e": "AQAB",
"alg": "RS256"
}
]
}
The JWT Format: x5c
PentesterLab.com / @PentesterLab
{
"keys": [
{
"kty": "RSA",
"use": "sig",
"kid": "pentesterlab",
"x5c": "MIIDWDCCAkACCQCnE....fpye27SQbC2fBxebsek=",
"alg": "RS256"
}
]
}
jku and x5u
PentesterLab.com / @PentesterLab
Application
Trusted
Server
User
Application
Trusted
Server
User
HTTP Request with JWT1
jku and x5u
PentesterLab.com / @PentesterLab
Application
Trusted
Server
User
HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2
jku and x5u
PentesterLab.com / @PentesterLab
Application
Trusted
Server
User
HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2
3 Fetching of the JWK based on the “jku” header
jku and x5u
PentesterLab.com / @PentesterLab
Fetching of the JWK based on the “jku” header
Application
Trusted
Server
User
HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2
3
Parsing of the JWK4
jku and x5u
PentesterLab.com / @PentesterLab
Application
Trusted
Server
User
HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2
3
Parsing of the JWK4
Verifying the JWT signature using the JWK5
Fetching of the JWK based on the “jku” header
jku and x5u
PentesterLab.com / @PentesterLab
Application
Trusted
Server
User
HTTP Request with JWT Parsing of the JWT to extract the “jku” header
Response
1
6
2
3
Parsing of the JWK4
Verifying the JWT signature using the JWK5
Fetching of the JWK based on the “jku” header
jku and x5u
PentesterLab.com / @PentesterLab
jku and x5u
PentesterLab.com / @PentesterLab
Application
Malicious
Server
HTTP Request with malicious JWT Parsing of the JWT to extract the “jku” header
Response
1
6
2
3
Parsing of the JWK4
Verifying the JWT signature using the JWK5
Attacker
Fetching of the malicious JWK based on the “jku” header
jku and x5u
PentesterLab.com / @PentesterLab
Application
Malicious
Server
HTTP Request with malicious JWT Parsing of the JWT to extract the “jku” header1 2
3
Attacker
Fetching of the malicious JWK based on the “jku” header
jku and x5u
PentesterLab.com / @PentesterLab
Turns out filtering URLs is incredibly hard
jku and x5u : regular expression
PentesterLab.com / @PentesterLab
https://trusted.example.com => https://trustedzexample.com
jku and x5u : starts with
PentesterLab.com / @PentesterLab
https://trusted => https://trusted@pentesterlab.com
https://trusted/jwks/ => https://trusted/jwks/../file_uploaded
https://trusted/jwks/ => https://trusted/jwks/../open_redirect
https://trusted/jwks/ => https://trusted/jwks/../header_injection
3 Fetching of the JWK based on the “jku” header
Parsing of the JWT to extract the “jku” header2
Application
Trusted
Server
HTTP Request with malicious JWT1
Malicious
Server
Attacker
jku and Open Redirect
PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2
Application
Open Redirect
Trusted
Server
HTTP Request with malicious JWT1
Malicious
Server
3 Fetching of the JWK based on the “jku” header
Attacker
jku and Open Redirect
PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2
Application
Open Redirect
Trusted
Server
3 Fetching of the JWK based on the “jku” header
3a Redirect to malicious server
HTTP Request with malicious JWT1
Malicious
Server
Attacker
jku and Open Redirect
PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2
Application
Open Redirect
Trusted
Server
3 Fetching of the JWK based on the “jku” header
3a Redirect to malicious server
3b Fetching of the malicious JWK
after following the redirect
HTTP Request with malicious JWT1
Malicious
Server
Attacker
jku and Open Redirect
PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2
Application
Open Redirect
Trusted
Server
3
Parsing of the JWK4
Fetching of the JWK based on the “jku” header
3a Redirect to malicious server
3b Fetching of the malicious JWK
after following the redirect
HTTP Request with malicious JWT1
Malicious
Server
Attacker
jku and Open Redirect
PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2
Application
Open Redirect
Trusted
Server
3
Parsing of the JWK4
Verifying the JWT signature using the malicious JWK5
Fetching of the JWK based on the “jku” header
3a Redirect to malicious server
3b Fetching of the malicious JWK
after following the redirect
HTTP Request with malicious JWT1
Malicious
Server
Attacker
jku and Open Redirect
PentesterLab.com / @PentesterLab
3 Fetching of the JWK based on the “jku” header
Parsing of the JWT to extract the “jku” header2
Application
Trusted
Server
HTTP Request with malicious JWT1
Attacker
jku and Header Injection
PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2
Application
Header Injection
Trusted
Server
3 Fetching of the JWK based on the “jku” header
HTTP Request with malicious JWT1
Header Injection
Attacker
Parsing of the JWT to extract the “jku” header2
Application
Header Injection
Trusted
Server
3 Fetching of the JWK based on the “jku” header
HTTP Request with malicious JWT1
Header Injection
Attacker
jku and Header Injection
PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2
Application
Header Injection
Trusted
Server
3 Fetching of the JWK based on the “jku” header
3a The jku uses the header injection
to reflect the jwk in a response
HTTP Request with malicious JWT1
Header Injection
Attacker
jku and Header Injection
PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2
Application
Header Injection
Trusted
Server
3
Parsing of the JWK4
Fetching of the JWK based on the “jku” header
3a The jku uses the header injection
to reflect the jwk in a response
HTTP Request with malicious JWT1
Header Injection
Attacker
jku and Header Injection
PentesterLab.com / @PentesterLab
Parsing of the JWT to extract the “jku” header2
Application
Header Injection
Trusted
Server
3
Parsing of the JWK4
Verifying the JWT signature using the
JWK from the header injection
5
Fetching of the JWK based on the “jku” header
3a The jku uses the header injection
to reflect the jwk in a response
HTTP Request with malicious JWT1
Header Injection
Attacker
jku and Header Injection
PentesterLab.com / @PentesterLab
Libraries: jku header injection - Exploitation
PentesterLab.com / @PentesterLab
Exploitation:
• Find a Header Injection
• Use the Header Injection to return
your JWK
• Add the Header Injection as jku
• Sign the token with your RSA key
jku and x5u: downgrade
PentesterLab.com / @PentesterLab
• The RFC calls out enforcing TLS to avoid MITM
• Few implementations get it wrong:
Enforcing when you set the value
vs
Enforcing when you fetch the key
Conclusion
Recommendations
PentesterLab.com / @PentesterLab
✓ Use strong keys and secrets
✓ Don’t store them in your source code
✓ Make sure you have key rotation built-in
Recommendations
PentesterLab.com / @PentesterLab
✓ Review the libraries you pick (KISS library)
✓ Make sure you check the signature
✓ Make sure your tokens expire
✓ Enforce the algorithm
Recommendations
PentesterLab.com / @PentesterLab
✓ Test for x5u and jku
✓ Don't burn Open Redirect
✓ Read RFC
✓ Hack all the things!
Conclusion
PentesterLab.com / @PentesterLab
• JWT are complex and kind of insecure by design
(make sure you check https://github.com/paragonie/paseto)
• JWT libraries introduce very interesting bugs
• Make sure you test for those if you write code,
pentest or do bug bounties
Any questions?
FOR YOUR TIME !
THANKS
louis@pentesterlab.com / PentesterLab.com / @PentesterLab

More Related Content

What's hot

Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Abusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get itAbusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get itBenjamin Delpy
 
Hunting for security bugs in AEM webapps
Hunting for security bugs in AEM webappsHunting for security bugs in AEM webapps
Hunting for security bugs in AEM webappsMikhail Egorov
 
A Hacker's perspective on AEM applications security
A Hacker's perspective on AEM applications securityA Hacker's perspective on AEM applications security
A Hacker's perspective on AEM applications securityMikhail Egorov
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)Will Schroeder
 
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLsHere Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLsAndy Robbins
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokensOWASP
 
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 EditionGoing Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 EditionSoroush Dalili
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP
 
Terraform modules restructured
Terraform modules restructuredTerraform modules restructured
Terraform modules restructuredAmi Mahloof
 
Windows Privilege Escalation
Windows Privilege EscalationWindows Privilege Escalation
Windows Privilege EscalationRiyaz Walikar
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueWill Schroeder
 
Kubernates를 위한 Chaos Engineering in Action :: 윤석찬 (AWS 테크에반젤리스트)
Kubernates를 위한 Chaos Engineering in Action :: 윤석찬 (AWS 테크에반젤리스트) Kubernates를 위한 Chaos Engineering in Action :: 윤석찬 (AWS 테크에반젤리스트)
Kubernates를 위한 Chaos Engineering in Action :: 윤석찬 (AWS 테크에반젤리스트) Channy Yun
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with KeycloakJulien Pivotto
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
Finally, easy integration testing with Testcontainers
Finally, easy integration testing with TestcontainersFinally, easy integration testing with Testcontainers
Finally, easy integration testing with TestcontainersRudy De Busscher
 

What's hot (20)

Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active Directory
 
Json Web Token - JWT
Json Web Token - JWTJson Web Token - JWT
Json Web Token - JWT
 
Abusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get itAbusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get it
 
Hunting for security bugs in AEM webapps
Hunting for security bugs in AEM webappsHunting for security bugs in AEM webapps
Hunting for security bugs in AEM webapps
 
A Hacker's perspective on AEM applications security
A Hacker's perspective on AEM applications securityA Hacker's perspective on AEM applications security
A Hacker's perspective on AEM applications security
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to Vault
 
PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)PSConfEU - Offensive Active Directory (With PowerShell!)
PSConfEU - Offensive Active Directory (With PowerShell!)
 
Here Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLsHere Be Dragons: The Unexplored Land of Active Directory ACLs
Here Be Dragons: The Unexplored Land of Active Directory ACLs
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens
 
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 EditionGoing Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
Going Beyond Microsoft IIS Short File Name Disclosure - NahamCon 2023 Edition
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
 
OAuth in the Wild
OAuth in the WildOAuth in the Wild
OAuth in the Wild
 
Testing Ansible
Testing AnsibleTesting Ansible
Testing Ansible
 
Terraform modules restructured
Terraform modules restructuredTerraform modules restructured
Terraform modules restructured
 
Windows Privilege Escalation
Windows Privilege EscalationWindows Privilege Escalation
Windows Privilege Escalation
 
Catch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs BlueCatch Me If You Can: PowerShell Red vs Blue
Catch Me If You Can: PowerShell Red vs Blue
 
Kubernates를 위한 Chaos Engineering in Action :: 윤석찬 (AWS 테크에반젤리스트)
Kubernates를 위한 Chaos Engineering in Action :: 윤석찬 (AWS 테크에반젤리스트) Kubernates를 위한 Chaos Engineering in Action :: 윤석찬 (AWS 테크에반젤리스트)
Kubernates를 위한 Chaos Engineering in Action :: 윤석찬 (AWS 테크에반젤리스트)
 
SIngle Sign On with Keycloak
SIngle Sign On with KeycloakSIngle Sign On with Keycloak
SIngle Sign On with Keycloak
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
Finally, easy integration testing with Testcontainers
Finally, easy integration testing with TestcontainersFinally, easy integration testing with Testcontainers
Finally, easy integration testing with Testcontainers
 

Similar to JWT: jku x5u

Jwt == insecurity?
Jwt == insecurity?Jwt == insecurity?
Jwt == insecurity?snyff
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsrobertjd
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APIKevin Hakanson
 
2018 JavaLand Deconstructing and Evolving REST Security
2018 JavaLand Deconstructing and Evolving REST Security2018 JavaLand Deconstructing and Evolving REST Security
2018 JavaLand Deconstructing and Evolving REST SecurityDavid Blevins
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXDocker, Inc.
 
OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101Steve Martinelli
 
Как разработать DBFW с нуля
Как разработать DBFW с нуляКак разработать DBFW с нуля
Как разработать DBFW с нуляPositive Hack Days
 
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.PilgrimJavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.PilgrimPayara
 
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and NoteworthyJava EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and NoteworthyPeter Pilgrim
 
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8OPEN KNOWLEDGE GmbH
 
OpenStack Swift的性能调优
OpenStack Swift的性能调优OpenStack Swift的性能调优
OpenStack Swift的性能调优Hardway Hou
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?Graham Charters
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspectiveSecuRing
 
Con fess 2013-sse-websockets-json-bhakti
Con fess 2013-sse-websockets-json-bhaktiCon fess 2013-sse-websockets-json-bhakti
Con fess 2013-sse-websockets-json-bhaktiBhakti Mehta
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Jim Manico
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Stateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - MexicoStateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - MexicoOtávio Santana
 
Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES Otavio Santana
 
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - GuatemalaStateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - GuatemalaOtávio Santana
 
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...Daniel Bohannon
 

Similar to JWT: jku x5u (20)

Jwt == insecurity?
Jwt == insecurity?Jwt == insecurity?
Jwt == insecurity?
 
Building Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTsBuilding Secure User Interfaces With JWTs
Building Secure User Interfaces With JWTs
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography API
 
2018 JavaLand Deconstructing and Evolving REST Security
2018 JavaLand Deconstructing and Evolving REST Security2018 JavaLand Deconstructing and Evolving REST Security
2018 JavaLand Deconstructing and Evolving REST Security
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101OpenStack Toronto Meetup - Keystone 101
OpenStack Toronto Meetup - Keystone 101
 
Как разработать DBFW с нуля
Как разработать DBFW с нуляКак разработать DBFW с нуля
Как разработать DBFW с нуля
 
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.PilgrimJavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
JavaEE & GlassFish UG - Digital JavaEE 7 New & Noteworthy by P.Pilgrim
 
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and NoteworthyJava EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
Java EE & Glass Fish User Group: Digital JavaEE 7 - New and Noteworthy
 
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
STATE OF THE ART AUTHENTICATION MIT JAVA EE 8
 
OpenStack Swift的性能调优
OpenStack Swift的性能调优OpenStack Swift的性能调优
OpenStack Swift的性能调优
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
 
Con fess 2013-sse-websockets-json-bhakti
Con fess 2013-sse-websockets-json-bhaktiCon fess 2013-sse-websockets-json-bhakti
Con fess 2013-sse-websockets-json-bhakti
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Stateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - MexicoStateless Microservice Security via JWT and MicroProfile - Mexico
Stateless Microservice Security via JWT and MicroProfile - Mexico
 
Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES Stateless Microservice Security via JWT and MicroProfile - ES
Stateless Microservice Security via JWT and MicroProfile - ES
 
Stateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - GuatemalaStateless Microservice Security via JWT and MicroProfile - Guatemala
Stateless Microservice Security via JWT and MicroProfile - Guatemala
 
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niqu...
 

More from snyff

Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)snyff
 
Entomology 101
Entomology 101Entomology 101
Entomology 101snyff
 
Entrepreneurship for hackers
Entrepreneurship for hackersEntrepreneurship for hackers
Entrepreneurship for hackerssnyff
 
Finding Needles in Haystacks
Finding Needles in HaystacksFinding Needles in Haystacks
Finding Needles in Haystackssnyff
 
Defcon CTF quals
Defcon CTF qualsDefcon CTF quals
Defcon CTF qualssnyff
 
Ruxmon cve 2012-2661
Ruxmon cve 2012-2661Ruxmon cve 2012-2661
Ruxmon cve 2012-2661snyff
 
Ln monitoring repositories
Ln monitoring repositoriesLn monitoring repositories
Ln monitoring repositoriessnyff
 
Owasp tds
Owasp tdsOwasp tds
Owasp tdssnyff
 
Ruxmon feb 2013 what happened to rails
Ruxmon feb 2013   what happened to railsRuxmon feb 2013   what happened to rails
Ruxmon feb 2013 what happened to railssnyff
 
Harder Faster Stronger
Harder Faster StrongerHarder Faster Stronger
Harder Faster Strongersnyff
 

More from snyff (10)

Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)
 
Entomology 101
Entomology 101Entomology 101
Entomology 101
 
Entrepreneurship for hackers
Entrepreneurship for hackersEntrepreneurship for hackers
Entrepreneurship for hackers
 
Finding Needles in Haystacks
Finding Needles in HaystacksFinding Needles in Haystacks
Finding Needles in Haystacks
 
Defcon CTF quals
Defcon CTF qualsDefcon CTF quals
Defcon CTF quals
 
Ruxmon cve 2012-2661
Ruxmon cve 2012-2661Ruxmon cve 2012-2661
Ruxmon cve 2012-2661
 
Ln monitoring repositories
Ln monitoring repositoriesLn monitoring repositories
Ln monitoring repositories
 
Owasp tds
Owasp tdsOwasp tds
Owasp tds
 
Ruxmon feb 2013 what happened to rails
Ruxmon feb 2013   what happened to railsRuxmon feb 2013   what happened to rails
Ruxmon feb 2013 what happened to rails
 
Harder Faster Stronger
Harder Faster StrongerHarder Faster Stronger
Harder Faster Stronger
 

Recently uploaded

Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxnaveenithkrishnan
 
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)Internet 2.0 Conference
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfmchristianalwyn
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024Jan Löffler
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteMavein
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Shubham Pant
 
Test Automation with Gen AI_Final_Presentation
Test Automation with Gen AI_Final_PresentationTest Automation with Gen AI_Final_Presentation
Test Automation with Gen AI_Final_PresentationUiPathCommunity
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsRoxana Stingu
 
Discussing Potential of Submarine Cables Causing Internet Blackout in Ghana
Discussing Potential of Submarine Cables Causing Internet Blackout in GhanaDiscussing Potential of Submarine Cables Causing Internet Blackout in Ghana
Discussing Potential of Submarine Cables Causing Internet Blackout in GhanaDesmond Israel
 
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...Aligning Testing Objectives with Overall Project Goals for Successful Outcome...
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...Anju21552
 

Recently uploaded (13)

Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
 
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)
Internet 2.0 Conference (Event Information Deck | Dec'24 - Mar'25)
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
 
Test Automation with Gen AI_Final_Presentation
Test Automation with Gen AI_Final_PresentationTest Automation with Gen AI_Final_Presentation
Test Automation with Gen AI_Final_Presentation
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
 
Discussing Potential of Submarine Cables Causing Internet Blackout in Ghana
Discussing Potential of Submarine Cables Causing Internet Blackout in GhanaDiscussing Potential of Submarine Cables Causing Internet Blackout in Ghana
Discussing Potential of Submarine Cables Causing Internet Blackout in Ghana
 
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...Aligning Testing Objectives with Overall Project Goals for Successful Outcome...
Aligning Testing Objectives with Overall Project Goals for Successful Outcome...
 

JWT: jku x5u

  • 1. JWT jku&x5u = ❤ Attacking JSON WEB TOKENS… Louis Nyffenegger @PentesterLab louis@pentesterlab.com
  • 2. About me PentesterLab.com / @PentesterLab Security Engineer PentesterLab: Pentester/Code Reviewer/Security consultant/Security architect Platform to learn web security/penetration testing 100% Hands-on Available for individuals (free and PRO) and enterprises Run a website to help people learn security
  • 3. Who uses JWT? PentesterLab.com / @PentesterLab • A lot of people for OAuth2 • A lot of people for sessions • A lot of people to manage trust • A lot of people for password reset • A lot of people who care about being stateless and multi-datacenter architecture
  • 5. Signature vs Encryption PentesterLab.com / @PentesterLab Encryption gives you confidentiality Signature gives you integrity
  • 6. Multiple ways of signing PentesterLab.com / @PentesterLab • With a secret using HMAC • With a private key using RSA/EC/… (asymmetric)
  • 7. Signing with a secret PentesterLab.com / @PentesterLab Sign! Verify! Secret
  • 8. Signing: asymmetric PentesterLab.com / @PentesterLab Sign! PrivatePublic Verify!
  • 10. JavaScript Object Notation (JSON) PentesterLab.com / @PentesterLab Human readable format to store or transmit objects
  • 11. The Compact JWS Format PentesterLab.com / @PentesterLab Header Payload Signature 3 parts in a JSON Web Token:
  • 12. The Compact JWS Format PentesterLab.com / @PentesterLab Header Payload Signature Separated by a dot . .
  • 13. The Compact JWS Format PentesterLab.com / @PentesterLab eyJ0eXAiOiJK V1QiLCJhbGci OiJIUzI1NiJ9 eyJsb2dpbi I6ImFkb WluIn0 FSfvCBAwypJ4abF6 jFLmR7JgZhkW674 Z8dIdAIRyt1E Separated by a dot . . eyJ = Base64('{"')
  • 14. The Compact JWS Format PentesterLab.com / @PentesterLab Base64({…}) Base64({…}) Base64(…) Header and Payload are base64* encoded JSON . . * urlsafe base64 encoding without padding The signature is also base64 encoded
  • 15. The Compact JWS Format: Encoding PentesterLab.com / @PentesterLab Urlsafe base64 encoding without padding: *https://tools.ietf.org/html/rfc7515#appendix-C
  • 16. The JWT Format: header PentesterLab.com / @PentesterLab Base64({"alg": "HS256", "typ": "JWS"}) The header contains an algorithm “alg” attribute: In this example HMAC with SHA256 was used To tell how the token was signed. … . . …
  • 17. The JWT Format: Algorithms PentesterLab.com / @PentesterLab A lot of different algorithms are supported*: None * https://jwt.io/ covers most HS256 HS384 HS512 RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512
  • 18. The JWT Format: payload PentesterLab.com / @PentesterLab … The payload may contain literally anything: Base64({"user":"admin", "roles": ["adm","users"]}). . …
  • 19. The JWT Format: payload PentesterLab.com / @PentesterLab The payload may contain registered claims: Base64({"user":"admin", "exp":12…, "iat":1234.. }). .… …
  • 20. The JWT Format: creating a token PentesterLab.com / @PentesterLab • Create the JSON header and base64 encode it • Create the JSON payload and base64 encode it • Concatenate with a dot the (encoded) header and payload • Sign the result (header+.+payload) • Base64 encode the signature • Append a dot then the signature
  • 21. The JWT Format: verifying a token PentesterLab.com / @PentesterLab • Split the token in three parts based on the dots • Base64 decode each part • Parse the JSON for the header and payload • Retrieve the algorithm from the header • Verify the signature based on the algorithm • Verify the claims
  • 22. Classic JWT attacks PentesterLab.com / @PentesterLab • None algorithm • Trivial secret • Algorithm confusion • Injection in the kid parameter • CVE-2018-0114 •
  • 24. jku and x5u PentesterLab.com / @PentesterLab • If you read some of the JWS RFC, you probably learnt about jku and x5u parameter for the headers • People are starting to use jku (JWK URL)
  • 25. The JWT Format: jku&x5u PentesterLab.com / @PentesterLab Base64({"jku": "https://...", ...}) … . . … Base64({"x5u": "https://...", ...}) … . . …
  • 26. The JWT Format: jwk PentesterLab.com / @PentesterLab { "keys": [ { "kty": "RSA", "use": "sig", "kid": "pentesterlab", "n": "oTtAXRgdJ6Pu0jr3hK3opCF5uqKWKbm4Kkq...vTF0FGw", "e": "AQAB", "alg": "RS256" } ] }
  • 27. The JWT Format: x5c PentesterLab.com / @PentesterLab { "keys": [ { "kty": "RSA", "use": "sig", "kid": "pentesterlab", "x5c": "MIIDWDCCAkACCQCnE....fpye27SQbC2fBxebsek=", "alg": "RS256" } ] }
  • 28. jku and x5u PentesterLab.com / @PentesterLab Application Trusted Server User
  • 29. Application Trusted Server User HTTP Request with JWT1 jku and x5u PentesterLab.com / @PentesterLab
  • 30. Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 jku and x5u PentesterLab.com / @PentesterLab
  • 31. Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 3 Fetching of the JWK based on the “jku” header jku and x5u PentesterLab.com / @PentesterLab
  • 32. Fetching of the JWK based on the “jku” header Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 3 Parsing of the JWK4 jku and x5u PentesterLab.com / @PentesterLab
  • 33. Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header1 2 3 Parsing of the JWK4 Verifying the JWT signature using the JWK5 Fetching of the JWK based on the “jku” header jku and x5u PentesterLab.com / @PentesterLab
  • 34. Application Trusted Server User HTTP Request with JWT Parsing of the JWT to extract the “jku” header Response 1 6 2 3 Parsing of the JWK4 Verifying the JWT signature using the JWK5 Fetching of the JWK based on the “jku” header jku and x5u PentesterLab.com / @PentesterLab
  • 35. jku and x5u PentesterLab.com / @PentesterLab Application Malicious Server HTTP Request with malicious JWT Parsing of the JWT to extract the “jku” header Response 1 6 2 3 Parsing of the JWK4 Verifying the JWT signature using the JWK5 Attacker Fetching of the malicious JWK based on the “jku” header
  • 36. jku and x5u PentesterLab.com / @PentesterLab Application Malicious Server HTTP Request with malicious JWT Parsing of the JWT to extract the “jku” header1 2 3 Attacker Fetching of the malicious JWK based on the “jku” header
  • 37. jku and x5u PentesterLab.com / @PentesterLab Turns out filtering URLs is incredibly hard
  • 38. jku and x5u : regular expression PentesterLab.com / @PentesterLab https://trusted.example.com => https://trustedzexample.com
  • 39. jku and x5u : starts with PentesterLab.com / @PentesterLab https://trusted => https://trusted@pentesterlab.com https://trusted/jwks/ => https://trusted/jwks/../file_uploaded https://trusted/jwks/ => https://trusted/jwks/../open_redirect https://trusted/jwks/ => https://trusted/jwks/../header_injection
  • 40. 3 Fetching of the JWK based on the “jku” header Parsing of the JWT to extract the “jku” header2 Application Trusted Server HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 41. Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server HTTP Request with malicious JWT1 Malicious Server 3 Fetching of the JWK based on the “jku” header Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 42. Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 43. Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server 3b Fetching of the malicious JWK after following the redirect HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 44. Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Parsing of the JWK4 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server 3b Fetching of the malicious JWK after following the redirect HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 45. Parsing of the JWT to extract the “jku” header2 Application Open Redirect Trusted Server 3 Parsing of the JWK4 Verifying the JWT signature using the malicious JWK5 Fetching of the JWK based on the “jku” header 3a Redirect to malicious server 3b Fetching of the malicious JWK after following the redirect HTTP Request with malicious JWT1 Malicious Server Attacker jku and Open Redirect PentesterLab.com / @PentesterLab
  • 46. 3 Fetching of the JWK based on the “jku” header Parsing of the JWT to extract the “jku” header2 Application Trusted Server HTTP Request with malicious JWT1 Attacker jku and Header Injection PentesterLab.com / @PentesterLab
  • 47. Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Fetching of the JWK based on the “jku” header HTTP Request with malicious JWT1 Header Injection Attacker Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Fetching of the JWK based on the “jku” header HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
  • 48. Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Fetching of the JWK based on the “jku” header 3a The jku uses the header injection to reflect the jwk in a response HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
  • 49. Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Parsing of the JWK4 Fetching of the JWK based on the “jku” header 3a The jku uses the header injection to reflect the jwk in a response HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
  • 50. Parsing of the JWT to extract the “jku” header2 Application Header Injection Trusted Server 3 Parsing of the JWK4 Verifying the JWT signature using the JWK from the header injection 5 Fetching of the JWK based on the “jku” header 3a The jku uses the header injection to reflect the jwk in a response HTTP Request with malicious JWT1 Header Injection Attacker jku and Header Injection PentesterLab.com / @PentesterLab
  • 51. Libraries: jku header injection - Exploitation PentesterLab.com / @PentesterLab Exploitation: • Find a Header Injection • Use the Header Injection to return your JWK • Add the Header Injection as jku • Sign the token with your RSA key
  • 52. jku and x5u: downgrade PentesterLab.com / @PentesterLab • The RFC calls out enforcing TLS to avoid MITM • Few implementations get it wrong: Enforcing when you set the value vs Enforcing when you fetch the key
  • 54. Recommendations PentesterLab.com / @PentesterLab ✓ Use strong keys and secrets ✓ Don’t store them in your source code ✓ Make sure you have key rotation built-in
  • 55. Recommendations PentesterLab.com / @PentesterLab ✓ Review the libraries you pick (KISS library) ✓ Make sure you check the signature ✓ Make sure your tokens expire ✓ Enforce the algorithm
  • 56. Recommendations PentesterLab.com / @PentesterLab ✓ Test for x5u and jku ✓ Don't burn Open Redirect ✓ Read RFC ✓ Hack all the things!
  • 57. Conclusion PentesterLab.com / @PentesterLab • JWT are complex and kind of insecure by design (make sure you check https://github.com/paragonie/paseto) • JWT libraries introduce very interesting bugs • Make sure you test for those if you write code, pentest or do bug bounties
  • 58. Any questions? FOR YOUR TIME ! THANKS louis@pentesterlab.com / PentesterLab.com / @PentesterLab