jwt parkour
play

JWT Parkour Attacking JSON WEB TOKENS Louis Ny ff enegger - PowerPoint PPT Presentation

Sep 16, 2023 •481 likes •1.28k views

JWT Parkour Attacking JSON WEB TOKENS Louis Ny ff enegger @PentesterLab louis@pentesterlab.com About me Security Engineer Pentester/Code Reviewer/Security consultant/Security architect/IANAC Run a website to help people learn security

  1. JWT Parkour Attacking JSON WEB TOKENS… Louis Ny ff enegger @PentesterLab louis@pentesterlab.com

  2. About me Security Engineer Pentester/Code Reviewer/Security consultant/Security architect/IANAC Run a website to help people learn security PentesterLab: Platform to learn web security/penetration testing 100% Hands-on Available for individuals (free and PRO) and enterprises https://www.pentesterlab.com/ PentesterLab.com / @PentesterLab

  3. Who uses JWT? • A lot of people for OAuth • A lot of people for sessions • A lot of people to manage trust • A lot of people for password reset • A lot of people who care about being stateless and multi-datacenter architecture PentesterLab.com / @PentesterLab

  4. Acronyms • JOSE: • Javascript Object Signing and Encryption • Also the name of the working group • JWT: JSON Web Token == “jot” Token • JWE: JSON Web Encryption • JWS: JSON Web Signature • JWK: JSON Web Key • JWA: JSON Web Algorithm PentesterLab.com / @PentesterLab

  5. Crypto 101

  6. Signature vs Encryption Encryption gives you confidentiality Signature gives you integrity PentesterLab.com / @PentesterLab

  7. Multiple ways of signing • With a secret using HMAC • With a private key using RSA/EC/… (asymmetric) PentesterLab.com / @PentesterLab

  8. Signing with a secret Sign! Verify! Secret PentesterLab.com / @PentesterLab

  9. Signing: asymmetric Sign! Verify! Public Private PentesterLab.com / @PentesterLab

  10. THE JWT FORMAT

  11. JavaScript Object Notation (JSON) Human readable format to store or transmit objects PentesterLab.com / @PentesterLab

  12. The Compact JWS Format 3 parts in a JSON Web Token: Header Payload Signature PentesterLab.com / @PentesterLab

  13. The Compact JWS Format Separated by a dot . . Header Payload Signature PentesterLab.com / @PentesterLab

  14. The Compact JWS Format Header and Payload are base64* encoded JSON * urlsafe base64 encoding without padding . . Base64({…}) Base64({…}) Base64(…) The signature is also base64 encoded PentesterLab.com / @PentesterLab

  15. The Compact JWS Format Separated by a dot eyJ 0eXAiOiJK eyJ sb2dpbi FSfvCBAwypJ4abF6 . . V1QiLCJhbGci I6ImFkb jFLmR7JgZhkW674 OiJIUzI1NiJ9 WluIn0 Z8dIdAIRyt1E eyJ = Base64('{"') PentesterLab.com / @PentesterLab

  16. The Compact JWS Format: Encoding Urlsafe base64 encoding without padding: * https://tools.ietf.org/html/rfc7515#appendix-C PentesterLab.com / @PentesterLab

  17. The JWT Format: header The header contains an algorithm “alg” attribute: . . Base64({"alg": "HS256", … … "typ": "JWS"}) To tell how the token was signed. In this example HMAC with SHA256 was used PentesterLab.com / @PentesterLab

  18. The JWT Format: Algorithms A lot of different algorithms can be supported*: None ES256 RS256 PS256 HS256 ES384 RS384 PS384 RS512 HS384 ES512 PS512 HS512 * https://jwt.io/ covers most PentesterLab.com / @PentesterLab

  19. The JWT Format: payload The payload may contain literally anything: . . … Base64({"user":"admin", … "roles": ["adm","users"]}) PentesterLab.com / @PentesterLab

  20. The JWT Format: payload The payload may contain registered claims: . . … Base64({"user":"admin", … "exp":12…, "iat":1234.. }) PentesterLab.com / @PentesterLab

  21. The JWT Format: payload The payload may contain registered claims: • “exp”: expiration time • “iss”: issuer • “nbf”: not before • “sub”: subject • “iat”: issued at* • “aud”: audience • “jti”: claim id * useful for async processing PentesterLab.com / @PentesterLab

  22. The JWT Format: creating a token • Create the JSON header and base64 encode it • Create the JSON payload and base64 encode it • Concatenate with a dot the (encoded) header and payload • Sign the result (header+.+payload) • Base64 encode the signature • Append a dot then the signature PentesterLab.com / @PentesterLab

  23. The JWT Format: verifying a token • Split the token in three parts based on the dots • Base64 decode each part • Parse the JSON for the header and payload • Retrieve the algorithm from the header • Verify the signature based on the algorithm • Verify the claims PentesterLab.com / @PentesterLab

  24. Keep in mind • Multiple systems can issue tokens • A token can be used by multiple systems • All these systems can use different libraries PentesterLab.com / @PentesterLab

  25. Attacking JWT When attacking JWT, your main goal is to bypass the signature mechanism PentesterLab.com / @PentesterLab

  26. Not checking the signature

  27. Not checking the signature Some libraries provide two methods: • decode <- don’t use this one • verify Or just people forgetting to re-enforce the signature check after disabling it for some quick testing PentesterLab.com / @PentesterLab

  28. Not checking the signature Exploitation: • Get a token • Decode and tamper with the payload • Profit PentesterLab.com / @PentesterLab

  29. None algorithm

  30. The None algorithm Remember that slide? None ES256 RS256 PS256 Basically, don’t sign the token Used to be supported by default in a few libraries PentesterLab.com / @PentesterLab

  31. The None algorithm Exploitation: • Get a token • Decode the header and change the algorithm to “None” (or “none”) • Decode and tamper with the payload • Keep or remove the signature • Profit PentesterLab.com / @PentesterLab

  32. Weak Secret

  33. Trivial secret The security of the signature relies on the strength of the secret The secret can be cracked offline with just one valid token Cracking is supported by hashcat PentesterLab.com / @PentesterLab

  34. Trivial secret https://github.com/aichbauer/express-rest-api-boilerplate/blob/master/api/services/auth.service.js PentesterLab.com / @PentesterLab

  35. Trivial secret Exploitation: • Get a token • Brute force the secret until you get the same signature • Tamper with the payload • Re-sign the token using the secret PentesterLab.com / @PentesterLab

  36. Algorithm confusion

  37. Algorithm confusion The sender controls the algorithm used You can tell the receiver that the token has been signed using HMAC instead of RSA for example With RSA, you sign with the private key and verify with the public key With HMAC, you sign and verify with the same key PentesterLab.com / @PentesterLab

  38. Algorithm confusion You tell the receiver it’s an HMAC (instead of RSA) and it verifies the signature using HMAC with the public key as the secret (thinking it’s RSA) You can sign the token with the public key PentesterLab.com / @PentesterLab

  39. Algorithm confusion How to get the public key: • Public key accessible in the javascript code • Public key available in a mobile client • Public key just available in the documentation. PentesterLab.com / @PentesterLab

  40. Algorithm confusion Exploitation: • Get a token signed with RSA (you only have access to the public key) • Decode the header and change the algorithm from RSA “RS256” to HMAC “HS256” • Tamper with the payload • Sign the token with the public RSA key PentesterLab.com / @PentesterLab

  41. kid injection

  42. Kid parameter The header can contain a kid parameter: • Key id (https://tools.ietf.org/html/ rfc7515#section-4.1.4) • Often used to retrieve a key from: ✴ The filesystem ✴ A Database This is done prior to the verification of the signature If the parameter is injectable, you can bypass the signature PentesterLab.com / @PentesterLab

  43. Kid Injection Exploitation: • Get a signed token containing a kid parameter • Decode the header and change the kid with a SQL injection payload • Tamper with the payload • Sign the token using the return value from the SQL injection PentesterLab.com / @PentesterLab

  44. CVE-2018-0114

  45. Libraries: CVE-2018-0114 JWS allows you to add a “jwk” attribute (JSON Web Key) to the header to tell the receiver what key was used to sign the token: PentesterLab.com / @PentesterLab

  46. Libraries: CVE-2018-0114 • Vulnerability in Cisco Node Jose • Node-Jose trusts embedded “jwk” keys to check the signature PentesterLab.com / @PentesterLab

  47. Libraries: CVE-2018-0114 - Exploitation Exploitation: • Get a token • Decode and tamper with the payload • Generate a RSA key • Add “n" & “e” to the header and use RS256 • Sign the token with your RSA key PentesterLab.com / @PentesterLab

  48. jku & x5u

  49. jku and x5u • If you read some of the JWS RFC, you probably learnt about jku and x5u parameter for the headers • People are starting to use jku (JWK URL) PentesterLab.com / @PentesterLab

  50. jku and x5u User Application Trusted Server PentesterLab.com / @PentesterLab

  51. jku and x5u 1 HTTP Request with JWT User Application Trusted Server PentesterLab.com / @PentesterLab

  52. jku and x5u 1 HTTP Request with JWT Parsing of the JWT to extract the “jku” header 2 User Application Trusted Server PentesterLab.com / @PentesterLab

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Footsteps Informal Sound Study Retro Basics Parkour Squad Iconic Tricks Video Footsteps

Footsteps Informal Sound Study Retro Basics Parkour Squad Iconic Tricks Video Footsteps

Footsteps Informal Sound Study Retro Basics Parkour Squad Iconic Tricks Video Footsteps Retro Sound Study Footsteps Retro Sound Study http://vimeo.com/19525536 Footloose and Fancy Free Fundamentals 1 st Person 3 rd Person Animation

265 views • 12 slides
Calibrating semi-analytic V T s against reweighted injection V T s Daniel Wysocki and

Calibrating semi-analytic V T s against reweighted injection V T s Daniel Wysocki and

Calibrating semi-analytic V T s against reweighted injection V T s Daniel Wysocki and Richard OShaughnessy Rochester Institute of Technology LIGO R&amp;D Call Monday, October 1, 2018 LIGO-T1800427-v1 D. Wysocki, R. OShaughnessy

271 views • 14 slides
SQL Injection Attack 1 Brief Tutorial of SQL MySQL: an open-source relational database

SQL Injection Attack 1 Brief Tutorial of SQL MySQL: an open-source relational database

SQL Injection Attack 1 Brief Tutorial of SQL MySQL: an open-source relational database management system Log in to MySQL Create a Database : SHOW DATABSES command: list existing databases. Create a new database called

521 views • 30 slides
Direct Routing: Algorithms and Complexity Costas Busch, RPI Malik Magdon-Ismail, RPI Marios

Direct Routing: Algorithms and Complexity Costas Busch, RPI Malik Magdon-Ismail, RPI Marios

Direct Routing: Algorithms and Complexity Costas Busch, RPI Malik Magdon-Ismail, RPI Marios Mavronicolas, Univ. Cyprus Paul Spirakis, Univ. Patras 1 Outline 1. Direct Routing. 2. Direct Routing is Hard. 3. Approximation Algorithms

404 views • 22 slides
LANGUAGE-AGNOSTIC INJECTION LANGUAGE-AGNOSTIC INJECTION DETECTION DETECTION Lars Hermerschmidt,

LANGUAGE-AGNOSTIC INJECTION LANGUAGE-AGNOSTIC INJECTION DETECTION DETECTION Lars Hermerschmidt,

LANGUAGE-AGNOSTIC INJECTION LANGUAGE-AGNOSTIC INJECTION DETECTION DETECTION Lars Hermerschmidt, Andreas Straub, Goran Piskachev injections grow on trees 1 SHOTGUN UNPARSER SHOTGUN UNPARSER 1 if (recursive || print_dir_name) 2 { 3 if

640 views • 27 slides
Visiting the snake nest Recon Brussels 2018 Jean-Ian Boutin | Senior Malware Researcher Matthieu

Visiting the snake nest Recon Brussels 2018 Jean-Ian Boutin | Senior Malware Researcher Matthieu

Visiting the snake nest Recon Brussels 2018 Jean-Ian Boutin | Senior Malware Researcher Matthieu Faou | Malware Researcher Jean-Ian Boutin Matthieu Faou Senior Malware Researcher Malware Researcher @jiboutin @matthieu_faou Agenda 1.

2.05k views • 138 slides
FOCUS GROUP JULY 2017 3:30PM-5:00PM 25 VAN NESS AVE RM 330A SAN FRANCISCO DEPARTMENT OF

FOCUS GROUP JULY 2017 3:30PM-5:00PM 25 VAN NESS AVE RM 330A SAN FRANCISCO DEPARTMENT OF

SAN FRANCISCO SAFE INJECTION SERVICES FOCUS GROUP JULY 2017 3:30PM-5:00PM 25 VAN NESS AVE RM 330A SAN FRANCISCO DEPARTMENT OF PUBLIC HEALTH 1 HARM REDUCTION Public health philosophy that promotes methods of reducing the physical,

441 views • 21 slides
Texas CCUS Project Development Lessons Learned and Still More to Come Christine Ehlig-Economides

Texas CCUS Project Development Lessons Learned and Still More to Come Christine Ehlig-Economides

1 Texas CCUS Project Development Lessons Learned and Still More to Come Christine Ehlig-Economides Steve Melzer 9/1/2020 The Permian Basin: A Bright Spot for CCUS August 27, 2020 3 Subjects for Today I. Overview II. Focus on the San

1.06k views • 40 slides
File Injection for Virtual Machine Boot Mechanisms Till Mller advised by Johannes Naab Monday 4

File Injection for Virtual Machine Boot Mechanisms Till Mller advised by Johannes Naab Monday 4

Chair of Network Architectures and Services Department of Informatics Technical University of Munich File Injection for Virtual Machine Boot Mechanisms Till Mller advised by Johannes Naab Monday 4 th November, 2019 Block Seminar: Innovative

453 views • 16 slides
DLL Injection CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 18.07.2020

DLL Injection CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 18.07.2020

DLL Injection CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 18.07.2020 DLL INJECTION - ADAM FURMANEK About me Experienced with backend, frontend, mobile, desktop, ML, databases. Blogger, public speaker. Author of .NET

655 views • 36 slides
A Bruhat type decomposition of the set of conditioned invariant subspaces Jochen Trumpf

A Bruhat type decomposition of the set of conditioned invariant subspaces Jochen Trumpf

A Bruhat type decomposition of the set of conditioned invariant subspaces Jochen Trumpf Jochen.Trumpf@anu.edu.au Department of Systems Engineering Research School of Information Sciences and Engineering The Australian National University and

642 views • 45 slides
FUZZIFICATION : Anti-Fuzzing Techniques Jinho Jung , Hong Hu, David Solodukhin, Daniel Pagan, Kyu

FUZZIFICATION : Anti-Fuzzing Techniques Jinho Jung , Hong Hu, David Solodukhin, Daniel Pagan, Kyu

FUZZIFICATION : Anti-Fuzzing Techniques Jinho Jung , Hong Hu, David Solodukhin, Daniel Pagan, Kyu Hyung Lee*, Taesoo Kim * 1 Fuzzing Discovers Many Vulnerabilities 2 Fuzzing Discovers Many Vulnerabilities 3 Testers Find Bugs with Fuzzing

1.13k views • 65 slides
COMMAND INJECTION IN IRULES LOADBALANCER SCRIPTS A story about how TCL interpretation works in

COMMAND INJECTION IN IRULES LOADBALANCER SCRIPTS A story about how TCL interpretation works in

COMMAND INJECTION IN IRULES LOADBALANCER SCRIPTS A story about how TCL interpretation works in F5 iRules and how it can be detected or exploited WHOAMI AND THANKS Big thanks to my fellow researchers Jesper Blomstrm Pasi Saarinen

679 views • 47 slides
Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
The Impact of Attack Profile Classification on the Robustness of Collaborative Recommendation *

The Impact of Attack Profile Classification on the Robustness of Collaborative Recommendation *

Center for W eb I ntelligence Center for W eb I ntelligence School of CTI, DePaul University Chicago, Illinois, USA The Impact of Attack Profile Classification on the Robustness of Collaborative Recommendation * Chad Williams, Runa Bhaumik,

380 views • 24 slides
Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU

Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU

Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU Darmstadt Joint work with Cristian Staicu (TU Darmstadt) and Ben Livshits (Microsoft Research, Redmond) 1 Why JavaScript? Relevant and challenging

520 views • 48 slides
End-to-end Injection Safety at Scale Mike Samuel, Google Security Engineering March 2019 2019 |

End-to-end Injection Safety at Scale Mike Samuel, Google Security Engineering March 2019 2019 |

End-to-end Injection Safety at Scale Mike Samuel, Google Security Engineering March 2019 2019 | About me Security engineer @ Google Hacks libraries, tools, languages TC39 member ( JavaScript language committee ) Editor of &quot;A Roadmap

407 views • 29 slides
Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

SAC Summer School 2019 Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions allow us to prove that our schemes achieve a certain leakage profile but doesnt tell us if a leakage profile is

477 views • 22 slides
Physics of Injection-induced Earthquakes Unveiled by Seismic Wave Analysis and Numerical Models

Physics of Injection-induced Earthquakes Unveiled by Seismic Wave Analysis and Numerical Models

Physics of Injection-induced Earthquakes Unveiled by Seismic Wave Analysis and Numerical Models Yihe Huang University of Michigan Injection-induced earthquakes : Earthquakes induced by fluid injection related to energy technologies including

756 views • 32 slides
BP Midstream Partners 4Q and full year 2018 Results February 28, 2019 BP MAD DOG 1 BP

BP Midstream Partners 4Q and full year 2018 Results February 28, 2019 BP MAD DOG 1 BP

BP MIDSTREAM PARTNERS BP Midstream Partners 4Q and full year 2018 Results February 28, 2019 BP MAD DOG 1 BP MIDSTREAM PARTNERS 4Q &amp; FULL YEAR 2018 RESULTS Offshore deepwater Gulf of Mexico Cautionary statement BP MIDSTREAM PARTNERS

456 views • 27 slides
Practical Enclave Malware with Intel SGX Michael Schwarz, Samuel Weiser, Daniel Gruss June 20,

Practical Enclave Malware with Intel SGX Michael Schwarz, Samuel Weiser, Daniel Gruss June 20,

Practical Enclave Malware with Intel SGX Michael Schwarz, Samuel Weiser, Daniel Gruss June 20, 2019 - DIMVA19 Graz University of Technology www.tugraz.at Outline SGX 2 Michael Schwarz , Samuel Weiser, Daniel Gruss Graz University of

1.34k views • 100 slides
AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

Saurabh Jha, Subho S. Banerjee , James Cyriac, Zbigniew T. Kalbarczyk and Ravishankar K. Iyer Computer Science, Electrical and Computer Engineering AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

215 views • 8 slides
Mycobacterium tuberculosis Mycobacterium tuberculosis Rv2224c modulates innate Rv2224c modulates

Mycobacterium tuberculosis Mycobacterium tuberculosis Rv2224c modulates innate Rv2224c modulates

Mycobacterium tuberculosis Mycobacterium tuberculosis Rv2224c modulates innate Rv2224c modulates innate immune responses immune responses Jyothi Rengarajan, Elissa Murphy, Arnold Park, Arnold Park, Cassandra L. Krone, Erik C. Hett, Barry R.

616 views • 37 slides
Expression profile of innate immune genes in peripheral blood mononuclear cells as early

Expression profile of innate immune genes in peripheral blood mononuclear cells as early

Expression profile of innate immune genes in peripheral blood mononuclear cells as early detection of breast cancer Nataliia Melnichuk 1, *, Tetiana Marchyshak 1 ,Vladimir Kashuba 1,2 , Ivan Smolanka 3 , Petro Okhrimenko 4 , and Zenoviy Tkachuk 1

248 views • 13 slides

More recommend