# jwt-attacks

Detect JWT implementation vulnerabilities including algorithm confusion, none algorithm acceptance, weak secrets, and JWK injection attacks.
Liaabnormal676/find-cve-agent · ★ 0 · AI & Automation · score 75
Install: claude install-skill Liaabnormal676/find-cve-agent
# JWT Attack Detection

## When to Use

Audit JWT verification/generation libraries, authentication implementations, and any code that validates or creates JSON Web Tokens.

## Attack Types

### 1. Algorithm Confusion (RS256 to HS256)

The server uses RS256 (asymmetric) but the attacker changes the token header to HS256 (symmetric) and signs with the public key as the HMAC secret.

**Conditions**: Library accepts algorithm from token header without allowlist validation.

### 2. alg:none Bypass

Token header specifies `"alg": "none"`, and the library accepts unsigned tokens.

**Conditions**: Library does not validate algorithm or allows "none".

### 3. JWK Header Injection

Attacker embeds their own public key in the token header via the `jwk` parameter, and the library uses it for verification.

### 4. Weak HMAC Secrets

HMAC secrets that are short, common words, or default values. Can be brute-forced offline.

### 5. kid (Key ID) Attacks

- **Path traversal**: `"kid": "../../dev/null"` -- sign with empty key
- **SQL injection**: `"kid": "' UNION SELECT 'secret' --"` -- inject known key
- **Command injection**: `"kid": "|id"` -- if kid is passed to shell

### 6. jku/x5u URL Manipulation

`jku` (JWK Set URL) or `x5u` (X.509 URL) in header points to attacker-controlled server hosting a JWK Set with the attacker key.

## Process

### Step 1: Find JWT Usage

```
grep -rn "jwt\.verify\|jwt\.decode\|jwt\.sign\|jwt\.encode" .
grep -rn "jsonwebtoken\|jose\|PyJWT\|go-jose\|nimbus-jose
```
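Added example, not code from the skill or the find-cve-agent repository: a stdlib-only Python header audit that flags the header-driven conditions behind attack types 1, 2, 3, 5 and 6 (alg outside the server's allowlist, alg:none, token-supplied key material via jwk/jku/x5u/x5c, suspicious kid), next to a hardened HS256 verify that pins the algorithm server-side instead of trusting the header. `UNTRUSTED_KEY_PARAMS`, `audit_header` and `verify_hs256` are names assumed here, and `make_token` only builds constructed fixtures for the checks.

```python
import base64
import hashlib
import hmac
import json

# Header parameters that let the token pick its own verification key (assumed name).
UNTRUSTED_KEY_PARAMS = ("jwk", "jku", "x5u", "x5c")

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))  # re-pad

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def audit_header(token: str, allowed_algs=("HS256",)) -> list:
    """Return the findings a reviewer would flag for this token's header (empty = clean)."""
    try:
        header = json.loads(b64url_decode(token.split(".")[0]))
    except ValueError:
        return ["header is not base64url-encoded JSON"]
    findings = []
    alg = header.get("alg")
    if not isinstance(alg, str) or alg.lower() == "none":
        findings.append("alg missing or none")
    elif alg not in allowed_algs:
        findings.append(f"alg {alg!r} not in allowlist {allowed_algs}")
    for param in UNTRUSTED_KEY_PARAMS:
        if param in header:
            findings.append(f"key material supplied by token via {param!r}")
    kid = header.get("kid")
    if isinstance(kid, str) and any(c in kid for c in "/\\'\";|"):
        findings.append("kid contains path, quote or shell metacharacters")
    return findings

def verify_hs256(token: str, secret: bytes) -> dict:
    """Hardened verify: the algorithm is pinned server-side, never read from the header."""
    if audit_header(token, ("HS256",)):
        raise ValueError("token rejected by header audit")
    head, body, sig = token.split(".")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def make_token(header: dict, payload: dict, secret: bytes = b"") -> str:
    """Constructed test fixture: builds a token with the given header for the checks above."""
    head = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac) if header.get('alg') == 'HS256' else ''}"
```

Run `audit_header` over tokens captured in logs to find the conditions listed above, and use `verify_hs256` as the reference shape when reviewing a verifier: the algorithm and key come from configuration, never from the token.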