BURP SUITE EXTENSION FOR JWT (JSON WEB TOKEN)
By Rupali Jain
JWT – A JSON Web Token (JWT) is split into three parts:
- the header – The most important piece of information in the header is the algorithm used for the signature. The main algorithms supported are HMAC, SHA256 and RSA.
- payload – The payload is separated from the header and the signature by full stops. This part of the token carries the information being sent; usually it identifies the authenticated user.
- signature – The signature is produced with the algorithm named in the header and is used to ensure the data has not been tampered with. It is computed over the following input: base64urlencoded(header) + "." + base64urlencoded(payload)
This allows small pieces of information to be securely transmitted between parties; the integrity of the information is enforced by the signature.
JWT Structure – header.payload.signature
The header and payload parts of a JWT are just base64url-encoded JSON objects.
Download the Burp Suite extensions –
- Open the BApp Store
- Install JSON Web Token
- Install JWT Editor (it adds the JWT Editor Keys tab)
- Go to HTTP history and look for a request carrying the JWT
- Send that request to Repeater and confirm it returns a 200 status code.
- Now change the path to /admin and check the response: it returns 401 Unauthorized, so the admin panel cannot be accessed with this token.
- Go to the JWT Editor Keys tab and click New RSA Key.
- Click Generate.
- Return to the Repeater tab; in the JSON Web Token tab the payload shows sub="wiener".
- Change wiener to administrator.
- Click Attack and select Embedded JWK.
- A jwk parameter containing your public key has now been added to the token header.
- Send the request: it returns a 200 status code, which means the admin panel is now accessible.
- From there the user can be deleted.
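The bypass above works only because the server takes the verification key from the token's own jwk header instead of from its own configuration. The following validator, added here as an example and not taken from the post or from the Burp extension, shows the server-side check that defeats it: the header is decoded, any embedded jwk is rejected, the key is looked up by kid in a server-side store, and only then is the signature verified. It assumes an HS256 shared secret (stdlib only) in place of the RS256 key pair used in the walkthrough; the logic is the same for either algorithm.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side key store: the verifier only ever uses keys from here.
# Assumption: HS256 with a shared secret stands in for the RS256 key pair.
SERVER_KEYS = {"k1": {"alg": "HS256", "secret": b"constructed-demo-secret"}}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    # Re-add the padding that base64url strips.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(header: dict, payload: dict, secret: bytes) -> str:
    # Signature covers base64url(header) + "." + base64url(payload), as described above.
    signing_input = (b64url_encode(json.dumps(header).encode()) + "."
                     + b64url_encode(json.dumps(payload).encode()))
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify(token: str):
    """Return the payload dict if the token is valid, otherwise None."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict):
        return None
    # Core mitigation: never accept key material carried inside the token.
    if "jwk" in header:
        return None
    # The key and the permitted algorithm come from server configuration only.
    key = SERVER_KEYS.get(header.get("kid"))
    if key is None or header.get("alg") != key["alg"]:
        return None
    expected = hmac.new(key["secret"], f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        return None
    return json.loads(b64url_decode(p_b64))
```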