repo showcasing generation of a base64 signature for applications that are vulnerable to "psychic signatures in java", implemented in a nodejs environment π
Before running make sure to install the modified fork of elliptic from https://github.com/davwwwx/elliptic
$ npm install
Generate the signature
$ node index.js
Get an example vulnerable application from DataDog/security-labs-pocs - https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app