Skip to main content

JWTweak - JSON Web Token [JWT] Algorithm Convertor and Generator Tool

Introduction

With the global increase in JSON Web Token (JWT) usage, the attack surface has also increased significantly. Having said that, this utility is designed with the aim to generate the new JWT token with little or no time which would help security enthusiasts to find security flaws in JWT implementation like JWT Algorithm Confusion Attack. This tool is designed to automate the process of modifying the JWT algorithm of input JWT Token and then generate the new JWT based on the new algorithm.

Requirements

Python 3 (tested and working fine in python-3.7.7/Kali and python-3.8.2/Windows 10)
pip3 install pycryptodomex

Features

  • Detects the algorithm of the input JWT Token
  • Base64 decode the input JWT Token
  • Generate new JWT by changing the algorithm of the input JWT to ‘none’
  • Generate new JWT by changing the algorithm of the input JWT to ‘HS256’
  • Generate new JWT by changing the algorithm of the input JWT to ‘HS384’
  • Generate new JWT by changing the algorithm of the input JWT to ‘HS512’
  • Generate new JWT by changing the algorithm of the input JWT to ‘RS256’
  • Generate new JWT by changing the algorithm of the input JWT to ‘RS384’
  • Generate new JWT by changing the algorithm of the input JWT to ‘RS512’

Download Link  - JWTweak.py

POC



[Disclaimer - For Education and Ethical Security Testing Purpose - Case study, attacks' scenarios and audit guidelines on vulnerabilities]

Popular posts from this blog

Essential System Design Concepts for Application Security Professionals

Introduction System design concepts is paramount for safeguarding digital assets against ever-evolving threats. Understanding how to architect systems that are not only robust and scalable but also inherently secure is essential. By grasping core system design concepts tailored to the unique demands of security, these concepts can fortify their applications against potential vulnerabilities and protect sensitive data from malicious actors.   In this blog post, we will discuss 20 latest interview questions related to system design in application security. 1. Explain the concept of threat modeling. Threat modeling is a process used to identify and prioritize potential threats to a system. It involves analyzing the system's architecture, identifying potential vulnerabilities, and evaluating the impact of different threats. The goal of threat modeling is to proactively design security measures that mitigate these threats. 2. How would you design a secure authentication system? A s...
Read more