JWTexploit

JWTexploit is a script that takes a JWT in entry, modifies its signature to HS256 and signs it with the public key of the domain given.

More information about the exploit here : https://nvd.nist.gov/vuln/detail/CVE-2016-10555

Usage

python3 JWTexploit -h HOSTNAME -j JWT

Example: python3 JWTexploit -h example.com -j eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

The -n option permits to get a token with a none algorithm generated from the token in input

Example: python3 JWTexploit -n eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
JWTexploit.py		JWTexploit.py
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

JWTexploit

Usage

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

JWTexploit

Usage

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages